Citrix Patches 11 Vulnerabilities in Networking Products

Citrix informed customers on Tuesday that it has patched 11 vulnerabilities in its ADC, Gateway, and SD-WAN networking products, and highlighted that the flaws are not related to CVE-2019-19781, which has been exploited in many attacks.


After publishing a security advisory describing the vulnerabilities, Citrix also published a blog post written by its CISO, Fermin J. Serna, in an effort to “avoid confusion and limit the potential for misinterpretation in the industry and our customer set.”


Serna pointed out that these newly patched vulnerabilities are not related to CVE-2019-19781, which hackers started exploiting in January, shortly after the flaw was disclosed. That security hole was exploited by both profit-driven cybercriminals and state-sponsored threat actors, and it caused a lot of problems for many organizations.


For CVE-2019-19781, Citrix initially released temporary mitigations due to the high risk of exploitation and released permanent patches only weeks later. In the case of the latest vulnerabilities, the company noted that they are fully addressed by the patches and it has found no evidence of malicious exploitation. The likelihood of exploitation is also considered lower.


The newly patched vulnerabilities affect Citrix ADC, Gateway, and the SD-WAN WAN Optimization (WANOP) edition, and they can be exploited for information disclosure, DoS attacks, local privilege escalation, XSS attacks, authorization bypass, and code injection.


While some of the ..
