
Gateway + Basic-Authentication + ICA-Proxy-only ... vulnerable per Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516??


dirk kotte

Hi all,

According to article https://support.citrix.com/article/CTX463706 we have some requirements to be vulnerable.
I run a lot of installations where I have:
- Citrix Gateway
- Basic Authentication
- ICA Proxy only

(no AAA vServer, no RDP Proxy, no VPN)
Do I have a problem with the CVEs above?
Thanks
Dirk

Would love to hear from Citrix on this issue. We have the same configuration and it would seem, according to the docs they released, to only impact configs using VPN services. No offense, Arnaud, but you do not seem qualified to answer this question with any kind of authority and it looks like speculation on your part because the article clearly states "Appliance must be configured as a VPN" for all the CVEs. I plan to upgrade all my firmware regardless but I still want an official answer so I can prioritize accordingly.

Internal NetScaler terminology is "vpn" for all Gateways. From the CLI, you create one using the command "add vpn vserver".

Gateways can be either full VPN, Clientless, or ICA Proxy.

These particular vulnerabilities apply to authentication, which doesn't care what mode your Gateway is in, since authentication happens before the session is launched as VPN, clientless, or ICA.


Matt,

Arnaud and Carl are both correct.

Reading the article:

CVE-2022-27510; Pre-conditions: Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy). This means Gateway configured as SSL VPN OR ICA Proxy OR CVPN OR RDP Proxy.

CVE-2022-27513; Pre-conditions: Gateway (RDP Proxy). This means this specifically affects the gateway that's acting as an RDP Proxy.

CVE-2022-27516; Pre-conditions: Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server. Same as the first, plus it also affects AAA Servers.

Regards

Ken Z

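As an added example (not from this thread or from Citrix), the following Python check applies the pre-conditions as Ken lists them to an ns.conf excerpt, so an admin can see which of the three CVEs their own configuration falls under; the sample config is constructed to resemble Dirk's Gateway + basic auth + ICA-proxy-only setup, and treating an RDP server or client profile parameter as the marker for RDP Proxy is an assumption.

```python
import re

# Constructed sample ns.conf excerpt (assumption: roughly what a
# Gateway + basic auth + ICA-proxy-only deployment looks like).
SAMPLE_NS_CONF = """\
add vpn vserver gw_vs SSL 10.0.0.10 443
add vpn sessionAction ica_only -transparentInterception OFF -icaProxy ON
bind vpn vserver gw_vs -policy ica_pol -priority 100
bind vpn vserver gw_vs -policy ldap_pol -priority 100
"""

# Pre-conditions as summarised in this thread:
#   any Gateway (vpn vserver, whatever mode) -> CVE-2022-27510, CVE-2022-27516
#   AAA virtual server                       -> CVE-2022-27516
#   Gateway acting as RDP Proxy              -> CVE-2022-27513
GATEWAY_RE = re.compile(r"^add vpn vserver\s", re.M)
AAA_RE = re.compile(r"^add authentication vserver\s", re.M)
# Assumption: RDP Proxy is recognised by an RDP server profile on the
# vpn vserver or an RDP client profile on a session action.
RDP_RE = re.compile(r"-rdp(Server|Client)ProfileName\s", re.M | re.I)


def applicable_cves(ns_conf: str) -> dict:
    """Map an ns.conf text to {CVE id: True if its pre-condition is met}."""
    has_gateway = bool(GATEWAY_RE.search(ns_conf))
    has_aaa = bool(AAA_RE.search(ns_conf))
    # RDP Proxy only exists on top of a Gateway vserver.
    has_rdp = has_gateway and bool(RDP_RE.search(ns_conf))
    return {
        "CVE-2022-27510": has_gateway,
        "CVE-2022-27513": has_rdp,
        "CVE-2022-27516": has_gateway or has_aaa,
    }


def report(ns_conf: str) -> list:
    """Return the CVE ids whose pre-conditions the config satisfies."""
    return [cve for cve, hit in applicable_cves(ns_conf).items() if hit]


if __name__ == "__main__":
    # For the ICA-proxy-only sample this lists 27510 and 27516, not 27513.
    print(report(SAMPLE_NS_CONF))
```

Run it against a copy of the appliance's ns.conf (for example `show ns runningConfig` output) rather than the constructed sample.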