Citrix ADC and Gateway Zero-Day Vulnerability Exploited by APT5

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

Patch Tuesday for December tackles two zero-day vulnerabilities, one of which is being actively exploited (CVE-2022-44698) and another that was publicly disclosed at the time of release (CVE-2022-44710), along with the additional critical flaws that could result in Remote Code Execution, Elevation of Privilege (EoP), Security Feature Bypass, and Spoofing.