Thousands of Citrix servers could be at risk of attack

Many Citrix ADC and Gateway servers remain vulnerable to high-severity flaws that were reportedly patched by the company weeks ago, experts...

Many Citrix ADC and Gateway servers remain vulnerable to high-severity flaws that were reportedly patched by the company weeks ago, experts have claimed.

In early November 2022, Citrix uncovered and patched an “Unauthorized access to Gateway user capabilities” flaw, since tracked as CVE-2022-27510. Affecting both products, it allows an attacker to gain authorized access to target endpoints, take over the devices remotely, and bypass the device’s brute force login protection.

Roughly a month later, in mid-December, the company fixed an “Unauthenticated remote arbitrary code execution” flaw, since tracked as CVE-2022-27518. This one allows threat actors to execute malicious code on the target endpoint, remotely.

NSA warning

Both have a 9.8/10 severity score, and at least one of them was abused in the wild as a zero-day, researchers from NCC Group’s Fox IT team claim.

In fact, the US National Security Agency (NSA) warned in early December, that a hacking collective backed by the Chinese state was exploiting the latter vulnerability as a zero-day security flaw. 

Back then, in an official blog post, chief security and trust officer at Citrix Peter Lefkowitz claimed that “limited exploits of this vulnerability have been reported,” but did not elaborate on the number of attacks or the industries involved.

Sometimes referred to as Manganese,  this group of threat actors has apparently explicitly targeted networks running these Citrix applications to break through organizational security without first having to steal credentials via social engineering and phishing attacks. 

The researchers have also said that while the majority of endpoints had been patched since the release of the fixes, there are “thousands” of vulnerable servers out there. As of November 11 2022, at least 28,000 Citrix servers were found to have been at risk.

“We hope this blog creates extra awareness for these two Citrix CVEs and that our research on version identification contributes to future studies,” the researchers concluded.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/5jYPZCk
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Thousands of Citrix servers could be at risk of attack
Thousands of Citrix servers could be at risk of attack
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/12/thousands-of-citrix-servers-could-be-at.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/12/thousands-of-citrix-servers-could-be-at.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy