[Nulled] » Information security » Thousands of Citrix ADC and Gateway servers remain
January 16 2023

Thousands of Citrix ADC and Gateway servers remain

web3 16-01-2023, 12:06 Information security 232
0 comment

Thousands of Citrix ADC and Gateway servers remain vulnerable to two major vulnerabilities fixed recently.

The first CVE-2022-27510 was fixed on November 8 and represents an authentication bypass affecting both Citrix products.

An attacker can use it to gain unauthorized access to a device, hijack a remote desktop, or bypass security to log in.

The second bug tracked as CVE-2022-27518 was disclosed and fixed on December 13. It allows unauthorized attackers to remotely execute commands on vulnerable devices and gain control over them.

The attackers were already actively using it at the time when Citrix released the fixes.

Despite the released updates, Fox NCC Group resellers report that thousands of deployments remain vulnerable to attacks.

On November 11, 2022, Fox specialists scanned the global network and found a total of 28,000 Citrix servers on the network.

Based on the results of comparing product versions, as of December 28, 2022, they found that most users use version 13.0–88.14, which is not affected by bugs. 

The second most popular version was 12.1-65.21, which is vulnerable to CVE-2022-27518 under certain conditions, identified on 3,500 endpoints.

In order for them to be attacked, a SAML SP or IdP configuration is required, which means that not all 3500 systems were vulnerable to CVE-2022-27518.

In addition, there are more than 1,000 servers vulnerable to CVE-2022-27510, and approximately 3,000 endpoints potentially vulnerable to both critical errors.

The third place was taken by deployments that return hashes with unknown Citrix version numbers. There are more than 3,500 servers, which may or may not be vulnerable to any vulnerability.

As for the speed of patch installation, the resellers note the prompt reaction of users in the USA, Germany, Canada, Australia and Switzerland to the publication of relevant security recommendations.

In general, Fox statistics show that many companies still have a lot of work to do to eliminate all security gaps, as well as hackers, who still have a large enough gap to plan and carry out attacks.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.
0 0

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 16 January 2023 12:06
  • Publication category(s): Information security
  • Number of views of the publication: 232
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
Most Cacti installations

Most Cacti installations on the Internet are not fixed and are vulnerable to a critical RCE error, which is

Read more
16 January 2023
Information security
Critical CVE-2022-44877

Critical CVE-2022-44877 with a severity rating of 9.8 out of 10, recently fixed in the Control Web Panel (formerly

Read more
16 January 2023
Information security
The first January ICS

The first January ICS fixes came up with a dozen security recommendations from Siemens and Schneider Electric,

Read more
16 January 2023
Information security
In their latest report,

In their latest report, Crowdstrike report how Scattered Spider tried to implement BYOVD using an old Intel driver

Read more
16 January 2023
Information security
Experts warn of a

Experts warn of a critical vulnerability of the Linux kernel of 10 points on the CVSS scale, which affects SMB

Read more

Information

Users of visitor are not allowed to comment this publication.

Site Search

Site Menu


☑ Scripts Software

Recent comments

Mostbet Casino Script online bookmaker – Download
Take a look at me CLICK
Update the links to the files.
I'm already uploading files to a separate cloud for your forum.
Update the links to the files.
update your links.
Casino sources and sports betting
There are no rights to download. Attention! dear users of our site, if you see this notification, it means that only Premium users can download
Casino sources and sports betting
WHERES DOWNLOAD?

Calendar

«    May 2024    »
MonTueWedThuFriSatSun
 12345
6789101112
13141516171819
20212223242526
2728293031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Tag Cloud

1win 1С-Bitrix Agency Template Anonymous VPS Hosting bet script bets betscripts betting Betting exchange betting script Betting scripts betting software bitcoin blockchain buy betting script casino Casino Gaming software casino script Casino Script Casino script casino script full source code Casino script software Casino scripts casino slots casino software crypto crypto casino Crypto Casino Crypto Casino script crypto exchange crypto exchange script cryptocurrency exchange DLE hacks DLE modules download download betting script exchange script FREE Group FREE Script games goldsvet Goldsvet goldsvet 8 goldsvet casino goldsvet script goldsvet sportsbook HTML5 Casino HTML5 Slot live casino nft online betting script online betting software online casino script Open Source php portugal PREMIUM Group software source code sports betting script sportsbook Telegram bot Tomato Template trading bot vegas Violet Template VIP Group virtual sports white label casino WHMCS
Show all tags

Popular

Statistics

  • +7 Total articles 5578
  • +16 Comments 3150
  • +28 Users : 4133
Full statistics

Contacts

Subscribe

Moderator
Channel
Google
RSS