Citrix Releases Patches For Cybersecurity Vulnerability Used to Target Healthcare

HC3 urged healthcare organizations to prioritize patching known cybersecurity vulnerabilities found in the Citrix Application Delivery Controller and Gateway platforms.

Citrix released patches for a critical zero-day cybersecurity vulnerability (CVE-2022-27518) in its Application Delivery Controller (ADC) and Gateway platforms.

HHS knows of healthcare entities that have been compromised by the exploitation of this vulnerability, a sector alert from the Health Sector Cybersecurity Coordination Center (HC3) stated. HC3 urged healthcare and public health organizations to implement these patches immediately.

The vulnerability, which has been known to be exploited by a “highly capable state-sponsored adversary,” allows an unauthenticated party to execute commands remotely on vulnerable devices in order to compromise an entire system.

Specifically, the government is aware of these vulnerabilities being exploited by a Chinese state-sponsored advanced persistent threat (APT) called APT5, as well as UNC2630 and MANGANESE.

“Separately, the US Department of Health and Human Services is aware of U.S. healthcare organizations that have already been compromised by the exploitation of the vulnerability described in this report, although in each case the specific attacker has not yet been identified,” the sector alert noted.

The vulnerability is known to impact the following versions of the Citrix Application Delivery Controller and Gateway:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291
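The version list above is what a defender needs to triage an appliance inventory. As an added example (not code from the article, HC3 or Citrix), the following Python checker parses a Citrix ADC/Gateway version string and compares it against the fixed builds listed on this page; it assumes the two string shapes shown in the comments (the advisory's `13.0-58.32` form and an `NS13.0: Build 58.32.nc` form), and it reports releases or editions not covered by this list as "unlisted" rather than as safe.

```python
import re
from typing import NamedTuple, Optional, Tuple

# First fixed build per (release, edition), taken from the affected-version
# list on this page. Anything below the fixed build is affected.
FIXED_BUILDS = {
    ("13.0", "standard"): (58, 32),
    ("12.1", "standard"): (65, 25),
    ("12.1", "FIPS"):     (55, 291),
    ("12.1", "NDcPP"):    (55, 291),
}

# Assumed input shapes: "13.0-58.32" (advisory style) or
# "NetScaler NS13.0: Build 58.32.nc" (appliance style).
_VERSION_RE = re.compile(
    r"(?P<release>\d+\.\d+)[-: ]+(?:Build\s+)?(?P<build>\d+)\.(?P<sub>\d+)",
    re.IGNORECASE,
)


class Verdict(NamedTuple):
    release: str
    edition: str
    build: Tuple[int, int]
    affected: Optional[bool]   # None means "not covered by this list"
    reason: str


def parse_version(text: str) -> Tuple[str, Tuple[int, int]]:
    """Return (release, (build, sub)) or raise ValueError if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group("release"), (int(m.group("build")), int(m.group("sub")))


def assess(text: str, edition: str = "standard") -> Verdict:
    """Compare a version string with the fixed builds for its release/edition."""
    release, build = parse_version(text)
    fixed = FIXED_BUILDS.get((release, edition))
    if fixed is None:
        return Verdict(release, edition, build, None,
                       "release/edition not in this list; check the vendor bulletin")
    if build < fixed:   # tuple compare: build number first, then sub-build
        return Verdict(release, edition, build, True,
                       f"below first fixed build {fixed[0]}.{fixed[1]}")
    return Verdict(release, edition, build, False,
                   f"at or above first fixed build {fixed[0]}.{fixed[1]}")
```

A `None` verdict is a prompt to consult the vendor bulletin, since releases such as 13.1 are simply not on this page's list.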

The National Security Agency (NSA) also released detailed guidance regarding the vulnerability.

“NSA recommends organizations hosting Citrix ADC environments take the following steps as part of their investigation,” the NSA stated.

“Treat these detection mechanisms as independent ways of identifying potentially malicious activity on impacted systems. Artifacts may vary based on the environment and the stage of that activity. As such, NSA recommends investigating any positive result even if other detections return no findings.”

Healthcare organizations should prioritize upgrading all vulnerable instances of Citrix ADC and Gateway as soon as possible. If an organization detects a potential compromise related to these vulnerabilities, it should move all Citrix ADC instances behind a VPN, isolate the Citrix ADC appliances from the environment, and restore the systems to a known good state.
