Citrix released an update covering multiple vulnerabilities in Citrix Endpoint Management (CEM) also referred to as XenMobile. Chaining the vulnerabilities allows an unauthenticated remote attacker to gain control over the Citrix Endpoint Management (CEM) server.
The vulnerabilities can be tracked as CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212.
The vulnerability impacts vary between the specific version of the software that is used and to exploit the vulnerability no authorization was needed.
An unauthenticated attacker can exploit the vulnerability by using a specially crafted URL that allows gaining access for sensitive data such as configuration files and encryption keys.
Following versions of Citrix Endpoint Management(CEM) affected with critical severity vulnerabilities
Following are the versions affected by medium and low severity vulnerabilities
Citrix recommends users with versions 10.9, 10.10, 10.11, and 10.12 to apply for the latest rolling patches and version prior to 10.9.x are recommended to upgrade with the supported version.
“We recommend these upgrades be made immediately. While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit.”
Citrix said that the cloud version of XenMobile is already patched, “but hybrid rights users need to apply the upgrades to any on-premises instance.”
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read:
Hackers Actively Scanning & Constantly Attempt To Exploit Citrix ADC Vulnerabilities
EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government entities and energy companies. The attackers,…
The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to dismantle its operations. Initially detected in…
Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature. However, it has a big…
Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth. However, this shift towards…
A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within…
Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware. The write-up outlines…