The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems.
The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and seize control.
Successful exploitation, however, requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider (SP) or a SAML identity provider (IdP).
Read the full article here: Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability (thehackernews.com)