CVE Radar

CVE-2022-27510

Severity: Critical
Vendor: Citrix
SVRS: 89
CVSSv3: 9.8
EPSS: 0.01175
Tags: In The Wild
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Publication date: 2022-11-08
Last modified: 2025-05-01

Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-27510, involves unauthorized access to Gateway user capabilities. This is a critical issue because it allows an attacker to bypass authentication mechanisms or exploit flaws to gain illicit entry to a gateway device. Such unauthorized access can lead to a complete compromise of the gateway, potentially allowing the attacker to control network traffic, access sensitive data, launch further attacks within the network, or disrupt services. The presence of active exploits further elevates the importance of this vulnerability, making immediate attention and remediation crucial for any organization using affected systems.
2. What are the CVSS score, severity level, and disclosure details?
The Common Vulnerability Scoring System (CVSS) score for CVE-2022-27510 is 9.8, which places it at a Critical severity level. The vulnerability was publicly disclosed and published on November 8, 2022, at 21:26:10 UTC. The record was last modified on May 1, 2025, at 19:37:47 UTC, indicating potential updates or additional information becoming available over time.
4. What is the technical root cause and attack vector?
The record maps CVE-2022-27510 to two Common Weakness Enumeration (CWE) entries: CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-287 (Improper Authentication). Both point to flaws in how the Gateway authenticates users or handles the authentication process, which an attacker can use to circumvent the standard authentication procedure and gain unauthorized access to Gateway user capabilities. The CVSS vector rates the attack vector as network (AV:N) with no privileges (PR:N) and no user interaction (UI:N) required, so a remote attacker needs no local access.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker to gain unauthorized access to Gateway user capabilities. Given the CWEs (CWE-288 and CWE-287), exploitation likely involves bypassing or subverting the authentication mechanism. This could manifest as:
  • Exploiting a logical flaw in the authentication flow.
  • Using an alternate channel to authenticate without proper checks.
  • Improper handling of authentication tokens or sessions.
The fact that active exploits have been published indicates that the methodology for leveraging this vulnerability is known and has been operationalized by malicious actors. Successful exploitation would grant the attacker the same capabilities as a legitimate, authenticated user, or potentially even administrative access, on the affected Gateway.
11. What is the risk assessment and urgency level?
The risk associated with CVE-2022-27510 is assessed as Extremely High. This is based on several critical factors:
  • A CVSS score of 9.8 (Critical), indicating severe impact on confidentiality, integrity, and availability.
  • The nature of the vulnerability allowing unauthorized access to Gateway user capabilities, which can lead to full device compromise and potentially broader network compromise.
  • The confirmed existence of active exploits, meaning that this vulnerability is not merely theoretical but is being actively targeted by threat actors.
The urgency level for addressing this vulnerability is Immediate/Critical. Organizations utilizing any potentially affected Gateway systems must prioritize investigation and implement available patches or mitigation strategies without delay to prevent active exploitation and severe security breaches.

No IOCs found for this CVE

Title | Software Link | Date
ARPSyndicate/cvemon | https://github.com/ARPSyndicate/cvemon | 2021-04-13
ISC StormCast for Wednesday, November 9th, 2022
Dr. Johannes B. Ullrich | 2022-11-09
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security.
Microsoft, VMWare and Citrix Patches and maybe Exchange Patches too?
Microsoft Patches https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMWare Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688 https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510 https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft
Tags: cve-2022-31686, cve-2022-31687, cve-2022-31688, cve-2022-27510
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
Fox-SRT | 2025-08-01
Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access. The adversary can execute arbitrary commands with this webshell, …
fox-it.comrssforumnews
Defused (@DefusedCyber) | 2025-12-01
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2024-40766 (SonicOS SSL-VPN..) +64.88%
- CVE-2022-27510 (NetScaler ADC..) +21.33%
- CVE-2022-27510 (Gateway..) +21.33%
- CVE-2021-27877 (Veritas Veritas..) +15.37%
- CVE-2021-27876 (Veritas Veritas..) +14.32%
Defused (@DefusedCyber) | 2025-09-15
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2015-2291 (IQVW32.sys (BYO..) +23.34%
- CVE-2024-26169 (Windows Error R..) +9.58%
- CVE-2023-20269 (ASA..) +6.84%
- CVE-2023-20269 (FTD..) +6.84%
- CVE-2022-27510 (NetScaler ADC..) +6.76%
Defused (@DefusedCyber) | 2025-09-08
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2025-53770 (SharePoint..) +25.40%
- CVE-2023-20269 (ASA..) +24.24%
- CVE-2023-20269 (FTD..) +24.24%
- CVE-2024-26169 (Windows Error R..) +9.58%
- CVE-2022-27510 (NetScaler ADC..) +6.76%
Defused (@DefusedCyber) | 2025-06-24
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2022-27510 (NetScaler ADC..) +133.89%
- CVE-2022-27510 (Gateway..) +133.89%
- CVE-2015-2291 (IQVW32.sys (BYO..) +95.53%
- CVE-2019-5591 (FortiOS..) +60.67%
- CVE-2021-20022 (SMA 100..) +47.31%
Defused (@DefusedCyber) | 2025-06-17
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2019-1069 (Task Scheduler ..) +205.52%
- CVE-2022-27510 (NetScaler ADC..) +133.89%
- CVE-2022-27510 (Gateway..) +133.89%
- CVE-2019-5591 (FortiOS..) +60.67%
- CVE-2024-42057 (Zyxel Firewall..) +47.79%
Configuration 1
Type | Vendor | Product
App | Citrix | gateway
Configuration 2
Type | Vendor | Product
OS | Citrix | application_delivery_controller_firmware
Reference | Link
MITRE | https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
MISC | https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
INTHEWILD | https://nvd.nist.gov/vuln/detail/CVE-2022-27510
INTHEWILD | https://www.at-bay.com/articles/likely-first-exploit-citrix-vulnerability/
[email protected] | https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
HTTPS://SUPPORT.CITRIX.COM/ARTICLE/CTX463706/CITRIX-GATEWAY-AND-CITRIX-ADC-SECURITY-BULLETIN-FOR-CVE202227510-CVE202227513-AND-CVE202227516 | https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
CWE ID | CWE Name | Description
CWE-288 | Authentication Bypass Using an Alternate Path or Channel | A product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-287 | Improper Authentication | When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
