January 16 2023

Thousands of Citrix ADC and Gateway servers remain

web3 16-01-2023, 12:06 Information security 328

Thousands of Citrix ADC and Gateway servers remain exposed to two major vulnerabilities that were fixed recently.

The first, CVE-2022-27510, was fixed on November 8 and is an authentication bypass affecting both Citrix products.

An attacker can use it to gain unauthorized access to a device, hijack a remote desktop, or bypass security to log in.

The second bug, tracked as CVE-2022-27518, was disclosed and fixed on December 13. It allows unauthorized attackers to remotely execute commands on vulnerable devices and gain control over them.

Attackers were already actively exploiting it when Citrix released the fixes.

Despite the released updates, Fox NCC Group researchers report that thousands of deployments remain vulnerable to attacks.

On November 11, 2022, Fox specialists scanned the internet and found a total of 28,000 Citrix servers.

Comparing product versions, they found that as of December 28, 2022, most users run version 13.0-88.14, which is not affected by these bugs.

The second most popular version, identified on 3,500 endpoints, was 12.1-65.21, which is vulnerable to CVE-2022-27518 under certain conditions.

An attack requires a SAML SP or IdP configuration, which means that not all 3,500 systems were vulnerable to CVE-2022-27518.
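
A defender-side triage for the SAML precondition described above, as an added example that is not part of the original article: it scans ns.conf text for `add authentication samlAction` (SAML SP) and `add authentication samlIdPProfile` (SAML IdP) definitions and combines the result with the two builds the article names. The function names and the sample configuration are constructed for illustration, and the command names are assumed from standard Citrix ADC CLI syntax.

```python
import shlex

# Builds named in the article; any other build is outside what the page reports.
CONDITIONALLY_VULNERABLE = {"12.1-65.21"}  # CVE-2022-27518 only if SAML SP/IdP is configured
NOT_AFFECTED = {"13.0-88.14"}

# ns.conf object types that define a SAML role (assumption: standard ADC CLI syntax).
SAML_COMMANDS = {"samlaction": "SP", "samlidpprofile": "IdP"}


def saml_roles(ns_conf_text):
    """Return {role: [object names]} for SAML SP/IdP definitions in ns.conf text."""
    roles = {}
    for raw in ns_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out commands
        try:
            tokens = shlex.split(line)  # honours quoted object names
        except ValueError:
            tokens = line.split()  # unbalanced quote: fall back to whitespace split
        if len(tokens) < 4 or [t.lower() for t in tokens[:2]] != ["add", "authentication"]:
            continue
        role = SAML_COMMANDS.get(tokens[2].lower())
        if role:
            roles.setdefault(role, []).append(tokens[3])
    return roles


def triage(build, ns_conf_text):
    """Return (verdict, roles) for one appliance build and its configuration."""
    roles = saml_roles(ns_conf_text)
    if build in NOT_AFFECTED:
        return "not affected", roles
    if build in CONDITIONALLY_VULNERABLE:
        verdict = "vulnerable to CVE-2022-27518" if roles else "SAML precondition not met"
        return verdict, roles
    return "unknown build: check the vendor advisory", roles


# Constructed sample configuration, not taken from a real appliance.
SAMPLE = '''
# add authentication samlAction commented_out -samlIdPCertName x
add authentication ldapAction ldap1 -serverIP 192.0.2.10
add authentication samlAction "corp sp" -samlIdPCertName idp_cert
add authentication samlIdPProfile idp1 -samlSPCertName sp_cert
'''

if __name__ == "__main__":
    print(triage("12.1-65.21", SAMPLE))
```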

In addition, there are more than 1,000 servers vulnerable to CVE-2022-27510, and approximately 3,000 endpoints potentially vulnerable to both critical flaws.

Third place went to deployments that return hashes whose Citrix version number is unknown. There are more than 3,500 such servers, which may or may not be vulnerable to either flaw.

As for patching speed, the researchers note the prompt response of users in the USA, Germany, Canada, Australia and Switzerland to the publication of the relevant security advisories.

Overall, the Fox statistics show that many companies still have a lot of work to do to close all security gaps, and that attackers still have a large enough window to plan and carry out attacks.
