Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices

The Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability affecting many versions of Citrix Gateway and ADC. All Australian operators should check for indicators of compromise and install the latest updated versions.

Alert status
HIGH

This Alert is relevant to organisations that deploy and maintain configurations for Citrix appliances to facilitate remote access for their users. The Alert is intended to be understood by slightly more technical users who maintain systems – there is no action for end users to take.

Background / What has happened?

The Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability (CVE-2022-27518) affecting many versions of Citrix Gateway and ADC.

Citrix ADC appliances are widely used by organisations to provide remote desktop services to remote users, including allowing users to work from home.

Exploitation of the vulnerability could allow a malicious actor to perform remote code execution against hosts running the affected versions of Citrix.

The ACSC is aware the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.

Affected Australian organisations should investigate for signs of compromise.

Mitigation / How do I stay secure?

Australian organisations that use Citrix Gateway or ADC should install the latest updated versions, read Citrix Security Bulletin CTX474995 and take the recommended actions.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Content complexity
Moderate
This rating relates to the complexity of the advice and information provided on the page.