Vulnerability Details: CVE-2022-27513
Remote desktop takeover via phishing
Exploit prediction scoring system (EPSS) score for CVE-2022-27513
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~54%
CVSS scores for CVE-2022-27513
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 | NIST |
8.3 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.6 | 6.0 | Citrix Systems, Inc. |
CWE ids for CVE-2022-27513
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Assigned by:
  - nvd@nist.gov (Primary)
  - secure@citrix.com (Secondary)
References for CVE-2022-27513
- https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
  Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 (Vendor Advisory)
Products affected by CVE-2022-27513
- Citrix » Application Delivery Controller Firmware » Versions from including (>=) 12.1 and before (<) 12.1-65.21 (cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*)
- Citrix » Application Delivery Controller Firmware » Versions from including (>=) 13.0 and before (<) 13.0-88.12 (cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*)
- Citrix » Application Delivery Controller Firmware » Ndcpp Edition, Versions from including (>=) 12.1 and before (<) 12.1-55.289 (cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:ndcpp:*:*:*)
- Citrix » Application Delivery Controller Firmware » Fips Edition, Versions from including (>=) 12.1 and before (<) 12.1-55.289 (cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:fips:*:*:*)
- Citrix » Application Delivery Controller Firmware » Versions from including (>=) 13.1 and before (<) 13.1-33.47 (cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:-:*:*:*)
- cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:*