Threat Advisory

Citrix patches Critical ADM vulnerability

June 27, 2022 | By Accorian

Citrix recently released a patch for a critical vulnerability in its Application Delivery Management (ADM) which is a web-based solution that provides admins with a centralized cloud-based console for managing deployments. The vulnerability if exploited can allow an attacker to reset the admin password. It affects all supported versions of the Citrix ADM server and Citrix ADM agent. The affected builds are: 

  • Citrix ADM 13.1 before 13.1-21.53 
  • Citrix ADM 13.0 before 13.0-85.19

The vulnerability has been assigned CVE-2022-27511 and is tracked as an Improper Access Control weakness. According to Citrix, the issue can be abused to trigger the reset of the administrator password at the next device reboot option. Subsequently, allowing an attacker with SSH access to connect with the default administrator credentials after the device has rebooted. 

Citrix has resolved this issue for the customers using the cloud-based Citrix ADM service. For the on-premises users, the company has urged them to apply patches at the earliest. Citrix has provided detailed documentation on how to upgrade ADM servers here

Accorian recommends ensuring that the latest patches have been installed along with the workarounds released by Citrix. Accorian can help identify this vulnerability in your environment.  


Recent Post

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide