This Alert is relevant to organisations who deploy and maintain configurations for Citrix appliances to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems - there is no action for the end users to take.
Background / What has happened?
The Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability (CVE-2022-27518) affecting many versions of Citrix Gateway and ADC.
Citrix ADC are widely used by organisations to provide remote desktop services to remote users, including allowing users to work from home.
Exploitation of the vulnerability could allow a malicious actor to perform remote code execution against hosts running the affected versions of Citrix.
The ACSC is aware the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.
Affected Australian organisations should apply the available patch immediately and investigate for signs of compromise.
Mitigation / How do I stay secure?
Australian organisations that use Citrix Gateway or ADC should read Citrix Security Bulletin CTX474995 and take the recommended actions.