Citrix has patched a critical vulnerability in its Application Delivery Management (ADM) technology that, if left unresolved, creates a means for remote attackers to reset admin passwords.
The improper access control vulnerability (CVE-2022-27511) created a risk that a remote, unauthenticated user could not only crash a system via a denial-of-service (DoS) exploit, but go on to reset admin credentials on the next subsequent reboot.
An advisory by Citrix issued last week explains that vulnerability could be abused to trigger the “reset of the administrator password at the next device reboot, allowing an attacker with SSH [Secure Shell] access to connect with the default administrator credentials after the device has rebooted”.
Access granted
The particulars of the issue turn what would normally be a system corruption problem into a much more severe vulnerability with a severity akin to that posed by an unauthenticated, remote code execution (RCE) flaw.
Another, less severe vulnerability (CVE-2022-27512) creates a means to temporarily disrupt the ADM license service.
All supported versions of Citrix ADM server and Citrix ADM agent are affected by the vulnerabilities, which were both discovered by security researchers from German firm Code White.
Citrix urged enterprise sysadmins to upgrade to the most recent versions of its technology – Citrix ADM 13.1-21.53, Citrix ADM 13.0-85.19, or subsequent releases.
An advisory from the US Cybersecurity and Infrastructure Security Agency warns that an “attacker could exploit these vulnerabilities to take control of an affected system”, emphasizing the seriousness of the potential risk.
The Daily Swig contacted the researchers at Code White, who declined to comment further at this time, adding they had no immediate plans to release any blog post or technical write-up.
Citrix ADM offers a web-based technology for managing Citrix deployment in the cloud or on-premise. Although known for thin client computing, Citrix these days offers a range of networking product that improves the delivery speed and quality of apps served to end users. This functionality is delivered through load balancing and web app acceleration technologies.
Source: https://portswigger.net/daily-swig/critical-citrix-adm-vulnerability-creates-means-to-reset-admin-passwords