Unauthenticated remote arbitrary code execution
Published: 2022-12-13
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html
https://www.mandiant.com/resources/blog/zero-days-exploited-2022
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.tenable.com/blog/cve-2022-27518-unauthenticated-rce-in-citrix-adc-and-gateway
https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF