Saturday, November 9, 2024
HomeCyber Security NewsHackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Hackers Actively Exploiting Big-IP and Citrix Vulnerabilities

Published on

Malware protection

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities.

The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums.

Over 20,000 “Netscaler” instances and 1,000 “Big IP” instances are available online.

- Advertisement - SIEM as a Service

These systems might be attractive targets for attackers and might be exposed to current security flaws, according to Cyble researchers.

Details of the BIG IP Vulnerabilities:

The vulnerability, identified as CVE-2023-46747, allows an attacker having network access to the BIG-IP system over the management port and/or self-IP addresses to execute arbitrary system instructions.

Undisclosed requests could bypass configuration utility authentication.

The next vulnerability is tracked as CVE-2023-46748 in the BIG-IP Configuration utility. It allows an authenticated attacker to execute arbitrary system commands if they have network access to the Configuration utility through the BIG-IP management port or self-IP addresses.

BIG-IP
Top 5 Countries with the highest count of Internet-exposed BIG-IP Instances

F5 BIG-IP Virtual Edition is linked to CVE-2023-46747 and CVE-2023-46748. F5 has identified threat actors as using the CVE-2023-46747 vulnerability to launch attacks that take advantage of CVE-2023-46748.

Praetorian Labs security professionals found these vulnerabilities and made the information public on October 26, 2023.

They discovered an authentication bypass flaw that had the ability to result in a full compromise of F5 systems with an exposed Traffic Management User Interface (TMUI).

BIG-IP Versions Known to be Vulnerable:

  • 17.1.0
  • 16.1.0 – 16.1.4
  • 15.1.0 – 15.1.10
  • 14.1.0 – 14.1.5
  • 13.1.0 – 13.1.5
Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Mitigation

To mitigate this issue, you can run the script provided in the F5 advisory for BIG-IP versions 14.1.0 and later.

Citrix Vulnerability

With a critical CVSS score of 9.4, CVE-2023-4966 is categorized as a “sensitive information disclosure” vulnerability. Its elevated score for an information disclosure vulnerability makes it noteworthy.

NetScaler
Top 5 Countries with the highest count of Internet-exposed NetScaler Instances

Researchers at Assetnote examined and documented the exploitation of CVE-2023-4966.

Vulnerable Software Version(s)

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

Mitigation

Customers of NetScaler ADC and NetScaler Gateway are strongly encouraged by Citrix to install the appropriate upgraded versions of these products as soon as possible:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-49.15  and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Since attackers are currently targeting the vulnerabilities, it is recommended that mitigations be applied as soon as possible.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...