Thousands of Citrix servers still vulnerable to CVE-2022-27510 and CVE-2022-27518


Researchers warn that thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints are still unpatched.


NCC Group’s Fox-IT research team warns that thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (both with a CVSS score of 9.8), that the company addressed in recent months.

The CVE-2022-27510 flaw is an authentication bypass using an alternate path or channel. An attacker can trigger it to gain unauthorized access to Gateway user capabilities. The vendor pointed out that only appliances operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are impacted.


Citrix addressed the flaw on November 8, 2022.


The CVE-2022-27518 flaw is a remote code execution bug that an unauthenticated, remote attacker can exploit to run arbitrary code on a vulnerable appliance.


On December 13, the vendor urged administrators to apply security updates for this zero-day vulnerability in ADC and Gateway, which was being actively exploited by China-linked threat actors to gain access to target networks.


Now researchers at NCC Group’s Fox-IT team report that, although most internet-facing endpoints have been updated to versions that fix both issues, thousands of installs remain vulnerable.


The researchers initially scanned the Internet for Citrix servers and found around 28,000 installs as of November 11, 2022.


Unfortunately, the version number of these installs is not included in the HTTP response from the servers. The experts noticed, however, that there is an MD5 hash-like value in the HTTP body when requesting the URL:


/vpn/index.html 


Then they downloaded and deployed al ..
