According to the National Security Agency, actors backed by the Chinese government are actively targeting a zero-day vulnerability in two commonly-used Citrix networking devices.
The exploit (CVE-2022-27518) affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool. Both devices are standard in mid-to-large enterprise networks. Analysts at the National Institute for Standards and Technology (NIST) categorize the exploit as ”critical,” the highest risk level, for its broad potential impact and ease of execution.
Citrix pushed out an emergency patch for the vulnerability last week and is urging customers using affected builds of Citrix ADC and Citrix Gateway to install the updates immediately. Compliance Officers and Chief Information Security Officers may wish to consider heeding this warning and apply the firmware patch to affected devices ASAP, outside of regular update cycles if necessary.