Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover

Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.

Critical authentication-bypass vulnerabilities in Citrix and VMware offerings are threatening devices running remote workspaces with complete takeover, the vendors warned this week.
Admins should prioritize patching, given the history of exploitation that both vendors have. Both disclosures
prompted CISA alerts
on Wednesday.
As for Citrix, a critical bug tracked as
CVE-2022-27510
(with a CVSS vulnerability-severity score of 9.8 out of 10) allows unauthenticated access to Citrix Gateway when the appliance is used as an SSL VPN solution. In that configuration, it gives access to internal company applications from any device via the Internet, and it offers single sign-on across applications and devices. In other words, the flaw would give a successful attacker the means to easily gain initial access, then burrow deeper into an organizations cloud footprint and wreak havoc across the network.
Citrix also noted in the advisory that its Application Delivery Controller (ADC) product, which is used to provide admin visibility into applications across multiple cloud instances, is vulnerable to remote desktop takeover (CVE-2022-27513, CVSS 8.3), and brute force protection bypass (CVE-2022-27516, CVSS 5.3).
Tenable researcher Satnam Narang noted that Citrix Gateway and ADC, thanks to how many parts of an organization they provide entrée into, are always favorite targets for cybercriminals, so patching now is important.
Citrix ADC and Gateways have been routinely targeted by a number of threat actors over the last few years through the exploitation of CVE-2019-19781, a critical path traversal vulnerability that was
first disclosed
in December 2019 and subsequently exploited
beginning in January 2020
after exploit scripts for the flaw became publicly available, he wrote in a
Wednesday blog
.
CVE-2019-19781 has been leveraged by
state-sponsored threat actors
with ties to China and Iran, as part of ransomware attacks against various entities including the healthcare sector, and was recently included as part of an updated list of the top vulnerabilities exploited by the People’s Republic of China state-sponsored actors from early October, Narang continued.
Users should update ASAP to Gateway versions 13.1-33.47, 13.0-88.12, and 12.1-65.21 to patch the latest issues.
VMware meanwhile has reported three authentication-bypass bugs, all in its Workspace ONE Assist for Windows. The bugs (CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687, all with CVSS 9.8) allow both local and remote attackers to gain administrative access privileges without the need to authenticate, giving them full run of targeted devices.
Workspace ONE Assist is a remote desktop product thats mainly used by tech support to troubleshoot and fix IT issues for employees from afar; as such, it operates with the highest levels of privilege, potentially giving remote attackers an ideal initial access target and pivot point to other corporate resources.
VMware also disclosed two additional vulnerabilities in Workspace ONE Assist. One is a cross-site scripting (XSS) flaw (CVE-2022-31688, CVSS 6.4), and the other (CVE-2022-31689, CVSS 4.2) allows a malicious actor who obtains a valid session token to authenticate to the application using that token, according to the vendors
Tuesday advisory
.
Like Citrix, VMware has a history of being targeted by cybercriminals. A critical vulnerability in Workspace ONE Access (used for delivering corporate applications to remote employees) tracked as CVE-2022-22954 disclosed in April was almost immediately followed by a proof-of-concept (PoC) exploit released on GitHub and tweeted out to the world. Unsurprisingly, researchers from multiple security firms started seeing probes and exploit attempts very soon thereafter — with the ultimate goal of infecting targets with
various botnets
or establishing a backdoor via
Log4Shell
.
Users should update to version 22.10 of Workspace ONE Assist to patch all of the most recently disclosed problems.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover