Experts claim that many Citrix ADC and Gateway servers are still vulnerable to critical vulnerabilities, which the company reportedly patched weeks ago.
In early November 2022, Citrix discovered and patched an “Unauthorized Access to Gateway User Functionality” vulnerability, tracked as CVE-2022-27510. Affecting both products, it allows an attacker to gain unauthorized access to targeted endpoints, take over the device remotely, and bypass the device's brute-force login protection.
About a month later, in mid-December, the company fixed an “unauthenticated remote arbitrary code execution” vulnerability, which has since been tracked as CVE-2022-27518. This allows threat actors to remotely execute malicious code on targeted endpoints.
NSA warning
Researchers from NCC Group’s Fox IT team claim that both have a severity score of 9.8/10, and that at least one of them has been abused in the wild as a zero-day vulnerability.
In fact, the US National Security Agency (NSA) warned in early December that a Chinese state-backed hacking group was exploiting the latter flaw as a zero-day.
At the time, in an official blog post, Citrix’s chief security and trust officer, Peter Lefkowitz, claimed that “limited exploitation of the vulnerability has been reported,” without elaborating on the number of attacks or the industries involved.
This group of threat actors, sometimes referred to as Manganese, has apparently targeted networks running these Citrix appliances specifically so that it can breach organizations without first having to steal credentials through social engineering and phishing attacks.
The researchers also said that while most endpoints have been patched since the fix was released, “thousands” of vulnerable servers still exist. As of November 11, 2022, at least 28,000 Citrix servers were found to be at risk.
“We hope this blog raises awareness of these two Citrix CVEs and that our study of version identification contributes to future research,” the researchers concluded.
Via: BleepingComputer