Cybercriminals Scan Network For Vulnerable Citrix Systems

✨ Megiddo

✨ President ✨
Staff member
Joined
May 15, 2016
Messages
3,878
Likes
2,573
Points
1,730
Citrix previously fixed 11 vulnerabilities in its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP products.

4c3a5a4b4ddf4d6eb1210feff4dfc55b.jpg


Cybercriminals allegedly scan the Internet for Citrix systems containing recently discovered vulnerabilities. A few days ago, SecurityLab wrote that Citrix fixed 11 vulnerabilities in its products Citrix ADC (formerly NetScaler ADC), Citrix Gateway (formerly NetScaler Gateway) and Citrix SD-WAN WANOP (models 4000-WO, 4100-WO, 5000- WO and 5100-WO). Problems can be exploited for privilege escalation, authorization bypass, code injection, and DoS and XSS attacks.

Although some of the vulnerabilities could be exploited remotely without authentication, the provider noted that exploiting many problems requires access to the target system, user interaction, or other preconditions.

According to Citrix specialist Fermin J. Serna on the company's blog, recently discovered vulnerabilities are less dangerous compared to the critical issue (CVE-2019-19781) identified in December last year. According to Serna, the new problems are completely eliminated by corrections, unlike CVE-2019-19781, for which the company initially issued only temporary measures to prevent the exploitation of the vulnerability.

Johannes Ullrich, a specialist at SANS Institute of Technology, said his hanipot, designed to intercept attacks on F5 Networks' BIG-IP systems, recorded attempts to exploit two recently discovered vulnerabilities in Citrix products. Attackers tried to download files and gain access to confidential information. According to the expert, the attacks were carried out as part of a network scan for vulnerable Citrix systems. It remains unknown which of the 11 problems are targeted, but Ulrich considers the most likely candidates CVE-2020-8195 and CVE-2020-8196. Both problems are disclosure vulnerabilities, and their operation requires authentication by NSIP, the IP address at which the Citrix ADC can be accessed for management.
__________________
 
Top Bottom