CVE-2022-27518
Unauthenticated remote arbitrary code execution
In short
An attacker can execute arbitrary code on a vulnerable server without needing to log in. This is critical because it allows complete takeover of the system from the internet.
Technical detail
This is a CWE-664 vulnerability that enables unauthenticated remote code execution, rated CVSS 9.8. Attackers can exploit it without authentication by sending crafted requests to the vulnerable application, resulting in arbitrary code execution with the privileges of the affected service.
Summary generated and translated by AI from the official description.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Citrix · Citrix Gateway, Citrix ADC
Public PoCs found: 1
GitHub: github.com/dolby360/CVE-2022-27518_POC (★ 2)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.