CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet
ID: 3a73bf45-37b9-5a07-892e-ea44539d47e3
STIX ID: report--3a73bf45-37b9-5a07-892e-ea44539d47e3
Feed Name: Fox-IT blog
This blog details a methodology for identifying exact Citrix ADC and Gateway versions: extracting version-hash values from /vpn/index.html, acquiring Google Cloud Marketplace disk images, using gzip timestamps to infer build dates, and enumerating Citrix download URLs to recover missing builds. The authors mapped hashes to versions and produced internet-wide statistics to assess exposure to CVE-2022-27510 (authentication bypass) and CVE-2022-27518 (unauthenticated remote code execution). They note active exploitation by APT5 and that a non-trivial population of servers remains potentially vulnerable.
