Citrix Critical Security Bulletin

June 14, 2022
- Richard Faulkner

Citrix released a new Critical Security Bulletin today that affects the Application Delivery Manager (ADM) appliance and its agents. It does not directly affect the Application Delivery Controller (ADC), formerly known as NetScaler. Exploiting this vulnerability requires access to the management IP of the appliance, so your risk is limited provided you are not permitting access to the appliance from the internet. The preferred approach is to limit your management traffic to its own subnet. This vulnerability could result in the appliance’s password being reset, which would then grant control of the appliance and any ADCs that are administratively connected to it.

The fixes are to immediately limit access to the management IP address as much as possible, and then to apply the latest firmware update listed in the article linked below. Versions of the appliance prior to 13.0 are no longer supported and are vulnerable, so if you are running one, please update the appliance to at least version 13.0. The appliance version and the ADC version do not need to match; the ADM is backward compatible with prior versions of firmware.

If you need assistance in getting the problem mitigated, please contact our support desk at support@conversantgroup.com and we will make arrangements for someone to assist you.

The support article can be found here:

https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
