"Patch ASAP: Critical Citrix, VMware Bugs Threaten Remote Workspaces With Takeover"
Citrix and VMware products have critical authentication-bypass vulnerabilities, threatening devices running remote workspaces with a complete takeover, the vendors have warned. Citrix's CVE-2022-27510 critical bug, with a CVSS vulnerability-severity score of 9.8 out of 10, enables unauthenticated access to Citrix Gateway when the appliance is used as a Secure Sockets Layer (SSL) Virtual Private Network (VPN) solution. In that configuration, it provides access to internal company applications via the Internet from any device, and it provides Single Sign-On (SSO) across applications and devices. Therefore, a successful attacker could easily gain initial access, then burrow deeper into an organization's cloud footprint and wreak havoc across the network due to the flaw. This article continues to discuss the critical Citrix and VMware vulnerabilities threatening remote workspaces.