Experts claim that many Citrix ADC or Gateway servers are still vulnerable even though the flaws were patched weeks ago.
Citrix discovered and patched the flaw “Unauthorized access Gateway user capabilities” in early November 2022. Since then, it has been identified as CVE-2022-227510. It affects both products and allows an attacker to gain access to target endpoints, remotely seize devices, and bypass the brute-force login protection.
A month later, in mid-December, the company fixed an “unauthenticated remote code execution” flaw. This vulnerability has been identified as CVE-2022-27618. It allows threat actors to remotely execute malicious code on the targeted device.
Warning from National Security Agency
Researchers from Fox IT, NCC Group, claim that at least one of the flaws, with a severity score of 9.8/10, was abused in the wild.
The US National Security Agency (NSA), however, warned in December that a Chinese state-backed hacking organization was exploiting the vulnerability as a zero-day.
Citrix’s chief safety and trust officer Peter Lefkowitz stated that “limited exploits of this vulnerability have been reported”, but didn’t specify how many or what industries were involved.
This group of threat actors is sometimes called Manganese. They have explicitly targeted networks running Citrix applications to breach organizational security.
Researchers stated that while most endpoints have been patched since the fixes were released, there are still thousands of servers at high risk. As of November 11, 2022, at least 28,000 Citrix servers were at risk.
The researchers concluded that they hoped that the blog would increase awareness of the Citrix CVEs, and that their research on versioning would contribute to future studies.
Through: Computer