Details of VAR-202211-0998

ID

VAR-202211-0998

CVE

CVE-2022-27513

TITLE

of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller Insufficient validation of data authenticity in firmware vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-020611

DESCRIPTION

Remote desktop takeover via phishing . of Citrix Systems Citrix Gateway and Citrix Application Delivery Controller Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-27513 // JVNDB: JVNDB-2022-020611 // VULHUB: VHN-418147

AFFECTED PRODUCTS

vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-65.21	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.1-33.47	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	gte	version:	13.0	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.1-33.41	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	12.1	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	gte	version:	13.1	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	13.0-88.12	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	13.0-88.12	Trust: 1.0
vendor:	citrix	model:	application delivery controller	scope:	lt	version:	12.1-55.289	Trust: 1.0
vendor:	citrix	model:	gateway	scope:	lt	version:	12.1-65.21	Trust: 1.0
vendor:	シトリックスシステムズ	model:	citrix gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シトリックスシステムズ	model:	citrix application delivery controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020611 // NVD: CVE-2022-27513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-27513
value:	CRITICAL
Trust: 1.0
secure@citrix.com:	CVE-2022-27513
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-27513
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202211-2371
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-27513
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0
secure@citrix.com:	CVE-2022-27513
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-27513
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020611 // CNNVD: CNNVD-202211-2371 // NVD: CVE-2022-27513 // NVD: CVE-2022-27513

PROBLEMTYPE DATA

problemtype:	CWE-345	Trust: 1.1
problemtype:	Inadequate verification of data reliability (CWE-345) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-418147 // JVNDB: JVNDB-2022-020611 // NVD: CVE-2022-27513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2371

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202211-2371

PATCH

title:

Citrix Gateway and Citrix ADC Repair measures for data forgery problem vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=213779

Trust: 0.6

sources: CNNVD: CNNVD-202211-2371

EXTERNAL IDS

db:	NVD	id:	CVE-2022-27513	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-020611	Trust: 0.8
db:	CNNVD	id:	CNNVD-202211-2371	Trust: 0.6
db:	VULHUB	id:	VHN-418147	Trust: 0.1

sources: VULHUB: VHN-418147 // JVNDB: JVNDB-2022-020611 // CNNVD: CNNVD-202211-2371 // NVD: CVE-2022-27513

REFERENCES

url:	https://support.citrix.com/article/ctx463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-27513	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-27513/	Trust: 0.6

sources: VULHUB: VHN-418147 // JVNDB: JVNDB-2022-020611 // CNNVD: CNNVD-202211-2371 // NVD: CVE-2022-27513

SOURCES

db:	VULHUB	id:	VHN-418147
db:	JVNDB	id:	JVNDB-2022-020611
db:	CNNVD	id:	CNNVD-202211-2371
db:	NVD	id:	CVE-2022-27513

LAST UPDATE DATE

2024-08-14T14:43:39.210000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-418147	date:	2022-11-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-020611	date:	2023-11-02T08:06:00
db:	CNNVD	id:	CNNVD-202211-2371	date:	2022-11-10T00:00:00
db:	NVD	id:	CVE-2022-27513	date:	2023-10-18T18:15:08.757

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-418147	date:	2022-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-020611	date:	2023-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202211-2371	date:	2022-11-08T00:00:00
db:	NVD	id:	CVE-2022-27513	date:	2022-11-08T22:15:13.313