Monday, December 4, 2023

Hackers Actively Scanning & Constantly Attempt To Exploit Citrix ADC Vulnerabilities

Recently, the Citrix published a set of 11 vulnerabilities in its most popular products that includes Citrix ADC as well, new research found that the hackers are constantly attempting several ways to exploit all these Citrix ADC vulnerabilities.

Out Of the 11 vulnerabilities, there are six possible attacks routes; five of those have barriers to exploitation.

This exploit was a high-risk vulnerability in Citrix ADC devices that allows unauthenticated remote code execution by the remote attackers. Moreover, this vulnerability was discovered in December 2019.

The vulnerabilities attack various Citrix products over the company’s line and range from a comparatively low-risk social elevation of the right defect to more severe code injection and also the cross-site scripting flaws. 

But, the Citrix has plenty of mitigating factors for different kinds of vulnerabilities that make all the possible exploitation more complex. 

Total Number of CVEs

According to the security experts, it is not clear specifically that which CVE was allocated to which vulnerability, but the probable applicants are:-

  • CVE-2020-8191
  • CVE-2020-8193
  • CVE-2020-8194
  • CVE-2020-8195
  • CVE-2020-8196

Affected Products

In total there are 11 products that were affected by this vulnerability, and here they are mentioned below:-

  • Citrix ADC, Citrix Gateway-Information disclosure
  • Citrix ADC, Citrix Gateway 12.0 and 11.1 only-Denial of service
  • Citrix ADC, Citrix Gateway-Local elevation of privileges
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Reflected Cross-Site Scripting (XSS)
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Authorization bypass
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Code Injection
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Information disclosure
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Information disclosure
  • Citrix ADC, Citrix Gateway-Elevation of privileges
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Stored Cross-Site Scripting (XSS)
  • Citrix Gateway Plug-in for Linux-Local elevation of privileges

Affected IPs

The first issue was marked as the most severe one, which allows the attacker to download the malicious files in the affected systems. Currently, the IP address,, is exploited by hackers to execute this malicious event. 

Apart from this, in total there are 16 IP addresses that got affected in this vulnerability, and all these IPs belongs to “hostwindsdns{.}com”:-


There are three of the six potential attacks in CTX276688 that happen in the administration interface of a vulnerable device. Here, the systems expanded in line along with Citrix support, which will now have this interface isolated from the network and will be guarded by a firewall. 

This kind of configuration considerably reduces the risk. Still, Citrix are not publishing most of the technical specifications of the vulnerabilities or patches to limit possible exploitation by the threat actors, who control patch releases for all new targets.

Citrix recommended customers on Citrix SD-WAN WANOP should also pay heed to the advisory just released as ADC is a component within the SD-WAN WANOP deployment. Fixes are available here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw

Zoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victim’s Computer


Latest articles

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles