• Thousands of Citrix servers could be at risk of attack

    From TechnologyDaily@1337:1/100 to All on Thu Dec 29 18:30:03 2022

    Date:
    Thu, 29 Dec 2022 18:20:08 +0000

    Description:
    Many servers remain unpatched and thus vulnerable to high-severity flaws.

    FULL STORY ======================================================================

    Many Citrix ADC and Gateway servers remain vulnerable to high-severity flaws that were reportedly patched by the company weeks ago, experts have claimed.

    In early November 2022, Citrix uncovered and patched an "Unauthorized access to Gateway user capabilities" flaw, since tracked as CVE-2022-27510. Affecting both products, it allows an attacker to gain authorized access to target endpoints, take over the devices remotely, and bypass the devices' brute force login protection.

    Roughly a month later, in mid-December, the company fixed an "Unauthenticated remote arbitrary code execution" flaw, since tracked as CVE-2022-27518. This one allows threat actors to execute malicious code on the target endpoint, remotely.

    NSA warning

    Both have a 9.8/10 severity score, and at least one of them was abused in the wild as a zero-day, researchers from NCC Group's Fox IT team claim.

    In fact, the US National Security Agency (NSA) warned in early December that a hacking collective backed by the Chinese state was exploiting the latter vulnerability as a zero-day security flaw.

    Back then, in an official blog post, chief security and trust officer at Citrix Peter Lefkowitz claimed that limited exploits of this vulnerability have been reported, but did not elaborate on the number of attacks or the industries involved.

    Sometimes referred to as Manganese, this group of threat actors has apparently explicitly targeted networks running these Citrix applications to break through organizational security without first having to steal credentials via social engineering and phishing attacks.

    The researchers have also said that while the majority of endpoints had been patched since the release of the fixes, there are thousands of vulnerable servers out there. As of November 11, 2022, at least 28,000 Citrix servers were found to have been at risk.

    "We hope this blog creates extra awareness for these two Citrix CVEs and that our research on version identification contributes to future studies," the researchers concluded.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/thousands-of-citrix-servers-could-be-at-risk-of-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)