Threat Advisory

Citrix patches Critical ADM vulnerability

June 27, 2022 | By Accorian

Citrix recently released a patch for a critical vulnerability in its Application Delivery Management (ADM) which is a web-based solution that provides admins with a centralized cloud-based console for managing deployments. The vulnerability if exploited can allow an attacker to reset the admin password. It affects all supported versions of the Citrix ADM server and Citrix ADM agent. The affected builds are: 

  • Citrix ADM 13.1 before 13.1-21.53 
  • Citrix ADM 13.0 before 13.0-85.19

The vulnerability has been assigned CVE-2022-27511 and is tracked as an Improper Access Control weakness. According to Citrix, the issue can be abused to trigger the reset of the administrator password at the next device reboot option. Subsequently, allowing an attacker with SSH access to connect with the default administrator credentials after the device has rebooted. 

Citrix has resolved this issue for the customers using the cloud-based Citrix ADM service. For the on-premises users, the company has urged them to apply patches at the earliest. Citrix has provided detailed documentation on how to upgrade ADM servers here

Accorian recommends ensuring that the latest patches have been installed along with the workarounds released by Citrix. Accorian can help identify this vulnerability in your environment.  


Recent Post

    Ready to Start?

      Ready to Start?

        Download Case study

          Download Guide

          Human Resources Director

          Posted On: 09 May, 2022

          Drop your CVs to

            Interested Position

            First Name

            Last Name


            Total Experience

            Mobile Number

            Upload Resume