{"api_version":"1","generated_at":"2026-04-23T06:21:43+00:00","cve":"CVE-2022-27511","urls":{"html":"https://cve.report/CVE-2022-27511","api":"https://cve.report/api/cve/CVE-2022-27511.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-27511","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-27511"},"summary":{"title":"CVE-2022-27511","description":"Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.","state":"PUBLIC","assigner":"secure@citrix.com","published_at":"2022-06-16 19:15:00","updated_at":"2023-07-18 13:54:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512","name":"https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512","refsource":"MISC","tags":[],"title":"Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-27511","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27511","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"27511","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"application_delivery_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-27511","qid":"150583","title":"Citrix Application Delivery Management (ADM) Multiple Vulnerablities (CVE-2022-27511, CVE-2022-27512)"},{"cve":"CVE-2022-27511","qid":"376680","title":"Citrix ADM Disruption of Service Vulnerability (CTX460016)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@citrix.com","DATE_PUBLIC":"2022-06-14T16:47:00.000Z","ID":"CVE-2022-27511","STATE":"PUBLIC","TITLE":"Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password "},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Citrix Application Delivery Management (Citrix ADM)","version":{"version_data":[{"version_affected":"<","version_value":"13.1-21.53"},{"version_affected":"<","version_value":"13.0-85.19"}]}}]},"vendor_name":"Citrix"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted."}]},"generator":{"engine":"Vulnogram 0.0.9"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284 Improper Access Control"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512","name":"https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-06-16 19:15:00","lastModifiedDate":"2023-07-18 13:54:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:C/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"NONE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1","versionEndExcluding":"13.1-21.53","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:application_delivery_management:*:*:*:*:*:*:*:*","versionEndExcluding":"13.0-85.19","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}