Thousands of Citrix servers could be at risk of attack

By Krishna Rao On Dec 30, 2022

How is eBPF Revolutionizing Kubernetes Scaling

Jan 20, 2024

Seamless CI/CD Integration: The Role of Monitoring as Code

Dec 11, 2023

Many Citrix ADC and Gateway servers remain vulnerable to high-severity flaws that were reportedly patched by the company weeks ago, experts have claimed.

In early November 2022, Citrix uncovered and patched an “Unauthorized access to Gateway user capabilities” flaw, since tracked as CVE-2022-27510. Affecting both products, it allows an attacker to gain authorized access to target endpoints (opens in new tab), take over the devices remotely, and bypass the device’s brute force login protection.

Roughly a month later, in mid-December, the company fixed an “Unauthenticated remote arbitrary code execution” flaw, since tracked as CVE-2022-27518. This one allows threat actors to execute malicious code on the target endpoint, remotely.

NSA warning

Both have a 9.8/10 severity score, and at least one of them was abused in the wild as a zero-day, researchers from NCC Group’s Fox IT team claim.

In fact, the US National Security Agency (NSA) warned in early December, that a hacking collective backed by the Chinese state was exploiting the latter vulnerability as a zero-day security flaw.

Back then, in an official blog post, chief security and trust officer at Citrix Peter Lefkowitz claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.

Sometimes referred to as Manganese, this group of threat actors has apparently explicitly targeted networks running these Citrix applications to break through organizational security without first having to steal credentials via social engineering and phishing attacks.

The researchers have also said that while the majority of endpoints had been patched since the release of the fixes, there are “thousands” of vulnerable servers out there. As of November 11 2022, at least 28,000 Citrix servers were found to have been at risk.

“We hope this blog creates extra awareness for these two Citrix CVEs and that our research on version identification contributes to future studies,” the researchers concluded.

Via: BleepingComputer (opens in new tab)

Read original article here

Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.