CVE-2022-27511 - OpenCVE

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:C/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Citrix	Application Delivery Management

Configuration 1 [-]

OR	cpe:2.3:a:citrix:application_delivery_management::::::::
	cpe:2.3:a:citrix:application_delivery_management::::::::

No data.

References

Link	Providers
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512

History

Tue, 17 Sep 2024 01:15:00 +0000

Type	Values Removed	Values Added
Title	Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password	Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2022-06-16T18:53:14.582634Z

Updated: 2024-09-17T01:10:57.643Z

Reserved: 2022-03-21T00:00:00

Link: CVE-2022-27511

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-16T19:15:07.773

Modified: 2023-07-18T13:54:38.100

Link: CVE-2022-27511

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Citrix Application Delivery Management (Citrix ADM)", "vendor": "Citrix", "versions": [{"lessThan": "13.1-21.53", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "13.0-85.19", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-16T18:53:14", "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512"}], "source": {"discovery": "UNKNOWN"}, "title": "Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@citrix.com", "DATE_PUBLIC": "2022-06-14T16:47:00.000Z", "ID": "CVE-2022-27511", "STATE": "PUBLIC", "TITLE": "Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Citrix Application Delivery Management (Citrix ADM)", "version": {"version_data": [{"version_affected": "<", "version_value": "13.1-21.53"}, {"version_affected": "<", "version_value": "13.0-85.19"}]}}]}, "vendor_name": "Citrix"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512", "refsource": "MISC", "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:32:59.180Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512"}]}]}, "cveMetadata": {"assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "cveId": "CVE-2022-27511", "datePublished": "2022-06-16T18:53:14.582634Z", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-09-17T01:10:57.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCC11B29-AF64-4FE8-96BD-6022C9D05E33", "versionEndExcluding": "13.0-85.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A59B4F8-E3A4-41E7-AD9A-79ED1F2AD826", "versionEndExcluding": "13.1-21.53", "versionStartIncluding": "13.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted."}, {"lang": "es", "value": "Una corrupci\u00f3n del sistema por parte de un usuario remoto no autenticado. El impacto de esto puede incluir el restablecimiento de la contrase\u00f1a de administrador en el siguiente reinicio del dispositivo, permitiendo a un atacante con acceso ssh conectarse con las credenciales de administrador por defecto despu\u00e9s de que el dispositivo se haya reiniciado"}], "id": "CVE-2022-27511", "lastModified": "2023-07-18T13:54:38.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-16T19:15:07.773", "references": [{"source": "secure@citrix.com", "tags": ["Vendor Advisory"], "url": "https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "secure@citrix.com", "type": "Secondary"}]}