Monday, July 15, 2024
EHA

Critical Bugs with Citrix Allow Unauthenticated Code Injection, Privilege Escalation DoS & Data Theft

Citrix patched 11 security flaws with Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP edition. Out of that four bugs can be exploited by an unauthenticated, remote attacker.

Successful exploitation of the attack leads to an unauthenticated attack to the management network, Cross-Site Scripting (XSS) information disclosure, and denial-of-service attacks.

Citrix said that out of 11 vulnerabilities, “there are six possible attack routes; five of those have barriers to exploitation.”

The six possible attack routes can be diminished if systems deployed in line with Citrix recommendations that management interface separated from the network and protected by a firewall.

Citrix also confirms that these vulnerabilities are not related to CVE-2019-19781, which unauthenticated remote attackers to execute arbitrary code on the vulnerable system.

The company also said that they are not aware of any exploitation of these issues. Here you can find the complete list of vulnerabilities.

List of Vulnerabilities

“While these barriers reduce the risk of these vulnerabilities, Citrix strongly recommends the quick application of the supplied patches.”

Citrix not disclosed any technical details about the vulnerability and only released patches to protect our customers.

Users are recommended to update with following versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP remediate the vulnerabilities:

  • Citrix ADC and Citrix Gateway 13.0-58.30 and later releases
  • Citrix ADC and NetScaler Gateway 12.1-57.18 and later 12.1 releases
  • Citrix ADC and NetScaler Gateway 12.0-63.21 and later 12.0 releases
  • Citrix ADC and NetScaler Gateway 11.1-64.14 and later 11.1 releases
  • NetScaler ADC and NetScaler Gateway 10.5-70.18 and later 10.5 releases
  • Citrix SD-WAN WANOP 11.1.1a and later releases
  • Citrix SD-WAN WANOP 11.0.3d and later 11.0 releases
  • Citrix SD-WAN WANOP 10.2.7 and later 10.2 releases
  • Citrix Gateway Plug-in for Linux 1.0.0.137 and later versions.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles