Alert status HIGH This Alert is relevant to organisations who deploy and maintain configurations for Citrix appliances to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems – there is no action for the end users to take. Background / What has happened? The Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability (CVE-2022-27518) affecting many versions of Citrix Gateway and ADC. Citrix ADC are widely used by organisations to provide remote desktop services to remote users, including allowing users to work from home. Exploitation of the vulnerability could allow a malicious actor to perform remote code execution against hosts running the affected versions of Citrix. The ACSC is aware the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations. Affected Australian organisations should investigate for signs of compromise. Mitigation / How do I stay secure? Australian organisations that use Citrix Gateway or ADC should install the latest updated versions, read Citrix Security Bulletin CTX474995 and take the recommended actions. The Security Bulletin published by Citrix is available at: https://support.citrix.com/article/CTX474995/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518 A Cybersecurity Advisory has also been published by the United States’ National Security Agency (NSA), which is available at: https://www.nsa.gov/Press-Room/Cybersecurity-Advisories-Guidance/ Assistance/Where can I go for help? The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371). Content complexity Moderate This rating relates to the complexity of the advice and information provided on the page.