Friday, March 29, 2024

Hackers Actively Scanning & Constantly Attempt To Exploit Citrix ADC Vulnerabilities

Recently, the Citrix published a set of 11 vulnerabilities in its most popular products that includes Citrix ADC as well, new research found that the hackers are constantly attempting several ways to exploit all these Citrix ADC vulnerabilities.

Out Of the 11 vulnerabilities, there are six possible attacks routes; five of those have barriers to exploitation.

This exploit was a high-risk vulnerability in Citrix ADC devices that allows unauthenticated remote code execution by the remote attackers. Moreover, this vulnerability was discovered in December 2019.

The vulnerabilities attack various Citrix products over the company’s line and range from a comparatively low-risk social elevation of the right defect to more severe code injection and also the cross-site scripting flaws. 

But, the Citrix has plenty of mitigating factors for different kinds of vulnerabilities that make all the possible exploitation more complex. 

Total Number of CVEs

According to the security experts, it is not clear specifically that which CVE was allocated to which vulnerability, but the probable applicants are:-

  • CVE-2020-8191
  • CVE-2020-8193
  • CVE-2020-8194
  • CVE-2020-8195
  • CVE-2020-8196

Affected Products

In total there are 11 products that were affected by this vulnerability, and here they are mentioned below:-

  • Citrix ADC, Citrix Gateway-Information disclosure
  • Citrix ADC, Citrix Gateway 12.0 and 11.1 only-Denial of service
  • Citrix ADC, Citrix Gateway-Local elevation of privileges
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Reflected Cross-Site Scripting (XSS)
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Authorization bypass
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Code Injection
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Information disclosure
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Information disclosure
  • Citrix ADC, Citrix Gateway-Elevation of privileges
  • Citrix ADC, Citrix Gateway, Citrix SDWAN WANOP-Stored Cross-Site Scripting (XSS)
  • Citrix Gateway Plug-in for Linux-Local elevation of privileges

Affected IPs

The first issue was marked as the most severe one, which allows the attacker to download the malicious files in the affected systems. Currently, the IP address, 13.232.154.46, is exploited by hackers to execute this malicious event. 

Apart from this, in total there are 16 IP addresses that got affected in this vulnerability, and all these IPs belongs to “hostwindsdns{.}com”:-

  • 23.254.164.181
  • 23.254.164.48
  • 43.245.160.163
  • 104.168.166.234
  • 104.168.194.148
  • 142.11.213.254
  • 142.11.227.204
  • 192.119.73.107
  • 192.119.73.108
  • 192.236.162.232
  • 192.236.163.117
  • 192.236.163.119
  • 192.236.192.119
  • 192.236.192.3
  • 192.236.192.5
  • 192.236.192.6

There are three of the six potential attacks in CTX276688 that happen in the administration interface of a vulnerable device. Here, the systems expanded in line along with Citrix support, which will now have this interface isolated from the network and will be guarded by a firewall. 

This kind of configuration considerably reduces the risk. Still, Citrix are not publishing most of the technical specifications of the vulnerabilities or patches to limit possible exploitation by the threat actors, who control patch releases for all new targets.

Citrix recommended customers on Citrix SD-WAN WANOP should also pay heed to the advisory just released as ADC is a component within the SD-WAN WANOP deployment. Fixes are available here.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read:

100,000 WordPress Sites Impacted with Cross-Site Scripting(XSS) Flaw

Zoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victim’s Computer

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles