
Citrix ADC and Gateway Zero-Day Vulnerability CVE-2022-27518 SPS


Article ID: 256616


Products

SITEMINDER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)

Issue/Introduction

 

When running a SiteMinder component such as the Web Agent or CA Access Gateway (SPS), how can the vulnerability CVE-2022-27518 be resolved?

 

Resolution

 

At first glance, this vulnerability relates strictly to Citrix products and lies outside SiteMinder.

To fix this issue, follow the steps given on this Citrix page (1).

Nothing needs to be done on the SiteMinder side. SiteMinder has NO embedded Citrix product; as such, the ns.conf file is not expected to be found in a SiteMinder component.

Even if a SiteMinder component is installed and runs alongside a Citrix one, the problem resides in Citrix, not in SiteMinder. As such, and as per CVE-2022-27518, upgrade the Citrix component to the version that solves this vulnerability.

 

Additional Information

 

(1) Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518

      Citrix strongly urges affected customers of Citrix ADC and Citrix
      Gateway to install the relevant updated versions of Citrix ADC or
      Citrix Gateway as soon as possible:

      Citrix ADC and Citrix Gateway 13.0-58.32 and later releases
      Citrix ADC and Citrix Gateway 12.1-65.25 and later releases of 12.1
      Citrix ADC 12.1-FIPS 12.1-55.291 and later releases of 12.1-FIPS
      Citrix ADC 12.1-NDcPP 12.1-55.291 and later releases of 12.1-NDcPP
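
To check an appliance inventory against the fixed builds listed above, the following added example (not Citrix or Broadcom code) classifies each build as fixed, needing an upgrade, or not covered by the excerpt. It assumes build strings are written in the bulletin's notation and that the edition (standard, FIPS, NDcPP) is known for each appliance; the function names, hostnames and sample builds are constructed.

```python
import re

# First fixed builds, copied from the bulletin excerpt quoted above.
# Key: (release branch, edition) -> (build major, build minor).
FIXED_BUILDS = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "FIPS"): (55, 291),
    ("12.1", "NDcPP"): (55, 291),
}

# Bulletin notation: <branch>-<build major>.<build minor>, e.g. 13.0-58.32
_BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def check_build(version, edition="standard"):
    """Classify a build string as 'fixed', 'needs-upgrade' or 'unknown'."""
    match = _BUILD_RE.match(version.strip())
    if match is None:
        raise ValueError(f"not in <branch>-<major>.<minor> form: {version!r}")
    branch = match.group(1)
    build = (int(match.group(2)), int(match.group(3)))
    fixed = FIXED_BUILDS.get((branch, edition))
    if fixed is None:
        # Branch or edition not listed in the excerpt: make no claim.
        return "unknown"
    # Compare numerically: 58.4 is older than 58.32, although the
    # string "58.4" sorts after "58.32".
    return "fixed" if build >= fixed else "needs-upgrade"


def triage(inventory):
    """Return {host: status} for every appliance that is not confirmed fixed."""
    report = {}
    for host, version, edition in inventory:
        status = check_build(version, edition)
        if status != "fixed":
            report[host] = status
    return report


# Constructed inventory (hypothetical hostnames and builds).
SAMPLE_INVENTORY = [
    ("adc-dmz-01", "13.0-58.4", "standard"),
    ("adc-dmz-02", "13.0-58.32", "standard"),
    ("adc-fips-01", "12.1-55.290", "FIPS"),
    ("adc-lab-01", "13.1-37.38", "standard"),
]
```

Branches that the excerpt does not list are reported as "unknown" rather than assumed safe; consult the full Citrix bulletin for those.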