ID

VAR-202205-1914


CVE

CVE-2022-27507


TITLE

Resource exhaustion vulnerability in Citrix Application Delivery Controller and Citrix Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2022-006658

DESCRIPTION

Authenticated denial of service. A resource exhaustion vulnerability exists in Citrix Application Delivery Controller and Citrix Gateway. It may result in a service operation interruption (DoS). Both Citrix Gateway (Citrix Systems NetScaler Gateway) and Citrix ADC are products of Citrix Systems (Citrix). Citrix Gateway is a secure remote access solution. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. Citrix ADC is one of the most comprehensive application delivery and load balancing solutions, used for application security, overall visibility and availability. The following products and versions are affected: Citrix ADC and Citrix Gateway 13.1 prior to 13.1-21.50, Citrix ADC and Citrix Gateway 13.0 prior to 13.0-85.19, Citrix ADC and Citrix Gateway 12.1 prior to 12.1-64.17, Citrix ADC 12.1-FIPS prior to 12.1-55.278, Citrix ADC 12.1-NDcPP prior to 12.1-55.278.

Trust: 1.8

sources: NVD: CVE-2022-27507 // JVNDB: JVNDB-2022-006658 // VULHUB: VHN-418141 // VULMON: CVE-2022-27507

AFFECTED PRODUCTS

vendor: citrix, model: application delivery controller, scope: gte, version: 13.1

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 12.1-64.17

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 13.0

Trust: 1.0

vendor: citrix, model: gateway, scope: gte, version: 12.1

Trust: 1.0

vendor: citrix, model: gateway, scope: gte, version: 13.0

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 13.1-21.50

Trust: 1.0

vendor: citrix, model: gateway, scope: gte, version: 13.1

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 13.0-85.19

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 12.1-64.17

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 12.1-55.278

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: lt, version: 13.1-21.50

Trust: 1.0

vendor: citrix, model: gateway, scope: lt, version: 13.0-85.19

Trust: 1.0

vendor: citrix, model: application delivery controller, scope: gte, version: 12.1

Trust: 1.0

vendor: シトリックス システムズ, model: citrix application delivery controller, scope: -, version: -

Trust: 0.8

vendor: シトリックス システムズ, model: citrix gateway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-006658 // NVD: CVE-2022-27507

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-27507
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202205-4146
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-27507
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-006658 // NVD: CVE-2022-27507 // CNNVD: CNNVD-202205-4146

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.1

problemtype: Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-418141 // JVNDB: JVNDB-2022-006658 // NVD: CVE-2022-27507

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-4146

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202205-4146

CONFIGURATIONS

sources: NVD: CVE-2022-27507

PATCH

title: CTX457048, url: https://support.citrix.com/article/ctx457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508

Trust: 0.8

title: Multiple Citrix Systems Product resource management error vulnerability fixes, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223463

Trust: 0.6

title: Citrix Security Bulletins: Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508, url: https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=72c36bceaf4968fb4025839fb3ab9ded

Trust: 0.1

sources: VULMON: CVE-2022-27507 // JVNDB: JVNDB-2022-006658 // CNNVD: CNNVD-202205-4146

EXTERNAL IDS

db: NVD, id: CVE-2022-27507

Trust: 3.4

db: JVNDB, id: JVNDB-2022-006658

Trust: 0.8

db: CNNVD, id: CNNVD-202205-4146

Trust: 0.7

db: AUSCERT, id: ESB-2022.2571

Trust: 0.6

db: VULHUB, id: VHN-418141

Trust: 0.1

db: VULMON, id: CVE-2022-27507

Trust: 0.1

sources: VULHUB: VHN-418141 // VULMON: CVE-2022-27507 // JVNDB: JVNDB-2022-006658 // NVD: CVE-2022-27507 // CNNVD: CNNVD-202205-4146

REFERENCES

url:https://support.citrix.com/article/ctx457048/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227507-and-cve202227508

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-27507

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.2571

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-27507/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.citrix.com/article/ctx457048

Trust: 0.1

sources: VULHUB: VHN-418141 // VULMON: CVE-2022-27507 // JVNDB: JVNDB-2022-006658 // NVD: CVE-2022-27507 // CNNVD: CNNVD-202205-4146

SOURCES

db: VULHUB, id: VHN-418141
db: VULMON, id: CVE-2022-27507
db: JVNDB, id: JVNDB-2022-006658
db: NVD, id: CVE-2022-27507
db: CNNVD, id: CNNVD-202205-4146

LAST UPDATE DATE

2023-12-18T13:22:22.834000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-418141, date: 2023-02-01T00:00:00
db: VULMON, id: CVE-2022-27507, date: 2023-01-27T00:00:00
db: JVNDB, id: JVNDB-2022-006658, date: 2023-07-07T06:36:00
db: NVD, id: CVE-2022-27507, date: 2023-02-01T20:38:16.680
db: CNNVD, id: CNNVD-202205-4146, date: 2023-02-02T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-418141, date: 2023-01-26T00:00:00
db: VULMON, id: CVE-2022-27507, date: 2023-01-26T00:00:00
db: JVNDB, id: JVNDB-2022-006658, date: 2023-07-07T00:00:00
db: NVD, id: CVE-2022-27507, date: 2023-01-26T21:15:33.080
db: CNNVD, id: CNNVD-202205-4146, date: 2022-05-26T00:00:00