Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords.
Citrix ADM is a web-based solution that provides admins with a centralized cloud-based console for managing on-premises or cloud Citrix deployments, including Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix Secure Web Gateway.
The bug (tracked as CVE-2022-27511) is caused by an Improper Access Control weakness. It affects all supported versions of Citrix ADM server and Citrix ADM agent (i.e., Citrix ADM 13.0 before 13.0-85.19 and Citrix ADM 13.1 before 13.1-21.53).
Successful exploitation of this flaw can allow unauthenticated, remote threat actors to corrupt unpatched systems, leading to a reset of the admin password.
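As an added example (not from the article or from Citrix), a small Python helper that parses Citrix ADM build strings in the form used above and flags hosts whose build is still below the fixed builds the advisory names; the inventory lines are constructed sample data, and builds on a branch the advisory does not mention are reported for manual review rather than guessed at.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds from the advisory, keyed by release branch. Builds below
# these on the same branch are affected by CVE-2022-27511.
FIXED_BUILDS = {
    "13.0": "13.0-85.19",
    "13.1": "13.1-21.53",
}

# Citrix ADM build strings look like "<major>.<minor>-<build>.<patch>".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_citrix_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '13.1-21.53' into a comparable tuple (13, 1, 21, 53)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix ADM version: {version!r}")
    major, minor, build, patch = (int(x) for x in m.groups())
    return (major, minor, build, patch)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if below the fixed build on its branch, False if at or above it,
    None when the branch is not one the advisory names (review manually)."""
    parsed = parse_citrix_version(version)
    fixed = FIXED_BUILDS.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        return None
    # Tuple comparison is numeric per component, so 13.1-9.60 < 13.1-21.53.
    return parsed < parse_citrix_version(fixed)


def triage(inventory: List[str]) -> Dict[str, List[str]]:
    """Sort 'host,version' lines into patch / ok / review buckets."""
    result: Dict[str, List[str]] = {"patch": [], "ok": [], "review": []}
    for line in inventory:
        host, version = (part.strip() for part in line.split(",", 1))
        state = is_vulnerable(version)
        bucket = "review" if state is None else ("patch" if state else "ok")
        result[bucket].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = [
    "adm-prod-01,13.1-9.60",
    "adm-prod-02,13.1-21.53",
    "adm-lab-01,13.0-84.11",
    "adm-lab-02,13.0-85.19",
    "adm-legacy,12.1-64.17",
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```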