
Citrix Gateway Plug-in for Windows Security Bulletin

Jeff Silverman


Issue

A vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows). If exploited, this issue would allow an adversary, who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. This issue has the following identifier:

  • CVE-ID: CVE-2022-21827
  • Description: Arbitrary corruption or deletion of files as SYSTEM
  • CWE: CWE-284: Improper Access Control
  • Pre-Conditions: Local access to a machine that has the vulnerable plug-in installed


To review all 4 Citrix vulnerabilities announced on April 12th, please read our digest.

Affected versions

The following supported versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) are affected by this vulnerability:

  • Citrix Gateway Plug-in for Windows versions before 21.9.1.2

Recommended Action

This issue has been addressed in the following versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows):

  • Citrix Gateway Plug-in for Windows version 21.9.1.2 and later releases

Citrix recommends that affected customers upgrade the Citrix Gateway Plug-in installed on their endpoints by taking the following actions as their patching schedule allows:

  1. If Citrix Gateway Plug-in is distributed via the SSL VPN upgrade control feature of Citrix ADC or Citrix Gateway, check the version of Citrix Gateway Plug-in for Windows that is being distributed by each Citrix ADC or Citrix Gateway instance. This can be done using either the GUI or by viewing the file located at /var/netscaler/gui/vpn/pluginlist.xml. If it is a vulnerable version, customers must either:
     a. Upgrade the Citrix ADC or Gateway firmware to a version that includes a fixed version of the Plug-in:
          • Citrix ADC and Citrix Gateway 13.1-4.44 and later releases
          • Citrix ADC and Citrix Gateway 13.0-83.29 and later releases
          • Citrix ADC and Citrix Gateway 12.1-63.22 and later releases
          • Citrix ADC and Citrix Gateway 12.1-FIPS 12.1-55.277 and later releases
          • Citrix ADC and Citrix Gateway 12.1-NDcPP 12.1-55.276 and later releases
     b. Or, directly replace the vulnerable plug-in on the Citrix ADC or Gateway firmware without upgrading the firmware by following the instructions at: https://www.citrix.com/downloads/citrix-gateway/plug-ins/citrix-secure-access-client-for-windows.html. Note that this option is only currently available on Citrix ADC and Citrix Gateway 13.1 or 13.0-76.31 and above. Information about the upgrade control feature is detailed at: https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/how-users-connect-with-gateway-plugin.html#control-upgrade-of-citrix-gateway-plug-ins
  2. If Citrix Gateway Plug-in is distributed/upgraded directly onto users’ devices, customers must install a fixed Plug-in on their users’ devices by downloading it from https://www.citrix.com/downloads/citrix-gateway/plug-ins/citrix-secure-access-client-for-windows.html
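
The decision in step 1 can be scripted across many gateways. The following is an added example, not code from Citrix or from this bulletin: it compares the plug-in version each gateway distributes against 21.9.1.2 and reports which of the two options above apply to that firmware build. The function names, the "standard" edition label and the inventory rows are assumptions constructed for illustration; the version thresholds are the ones listed above.

```python
FIXED_PLUGIN = (21, 9, 1, 2)
# First firmware build per release/edition that includes a fixed plug-in (list above).
FIXED_FIRMWARE = {
    ("13.1", "standard"): (4, 44),
    ("13.0", "standard"): (83, 29),
    ("12.1", "standard"): (63, 22),
    ("12.1", "FIPS"): (55, 277),
    ("12.1", "NDcPP"): (55, 276),
}
# In-place plug-in replacement is available on 13.1, or 13.0-76.31 and above.
REPLACE_MIN = ((13, 0), (76, 31))

def dotted(text):
    """'21.9.1.2' -> (21, 9, 1, 2); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def parse_firmware(text):
    """'13.0-83.29' -> ('13.0', (83, 29))"""
    release, _, build = text.strip().partition("-")
    if not build:
        raise ValueError(f"expected RELEASE-BUILD, got {text!r}")
    return release, dotted(build)

def plugin_is_vulnerable(version):
    return dotted(version) < FIXED_PLUGIN

def remediation(plugin_version, firmware, edition="standard"):
    """Return the bulletin's applicable options for one gateway ([] if already fixed)."""
    if not plugin_is_vulnerable(plugin_version):
        return []
    release, build = parse_firmware(firmware)
    fixed = FIXED_FIRMWARE.get((release, edition))
    if fixed is None:
        options = ["no fixed firmware build listed for this release"]
    else:
        options = ["firmware fix: %s-%s or later" % (release, ".".join(map(str, fixed)))]
    if (dotted(release), build) >= REPLACE_MIN:
        options.append("replace plug-in on the appliance")
    return options

if __name__ == "__main__":
    # Constructed inventory: (hostname, distributed plug-in version, firmware, edition)
    inventory = [
        ("gw-a.example", "21.9.1.2", "13.0-82.45", "standard"),
        ("gw-b.example", "21.7.1.1", "13.0-71.44", "standard"),
        ("gw-c.example", "21.7.1.1", "12.1-55.238", "FIPS"),
    ]
    for host, plugin, firmware, edition in inventory:
        print(host, remediation(plugin, firmware, edition) or "plug-in already fixed")
```

The plug-in version passed in is the one read from the GUI or from pluginlist.xml on each instance; the script does not parse that file.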

More Information

https://support.citrix.com/article/CTX341455

For assistance from the Kraft Kennedy team, please contact us.