Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities

    justmattgBy justmattgJanuary 1, 2023Updated:January 1, 2023No Comments2 Mins Read

    [ad_1]

    Dec 29, 2022Ravie LakshmananServer Security / Citrix

    Citrix Servers

    Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months.

    The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on November 8 and December 13, 2022, respectively.

    While CVE-2022-27510 relates to an authentication bypass that could be exploited to gain unauthorized access to Gateway user capabilities, CVE-2022-27518 concerns a remote code execution bug that could enable the takeover of affected systems.

    CyberSecurity

    Citrix and the U.S. National Security Agency (NSA), earlier this month, warned that CVE-2022-27518 is being actively exploited in the wild by threat actors, including the China-linked APT5 state-sponsored group.

    Citrix Servers
    Citrix Servers

    Now, according to a new analysis from NCC Group’s Fox-IT research team, thousands of internet-facing Citrix servers are still unpatched, making them an attractive target for hacking crews.

    This includes over 3,500 Citrix ADC and Gateway servers running version 12.1-65.21 that are susceptible to CVE-2022-27518, as well as more than 500 servers running 12.1-63.22 that are vulnerable to both flaws.

    A majority of the servers, amounting to no less than 5,000, are running 13.0-88.14, a version that’s immune to CVE-2022-27510 and CVE-2022-27518.

    A country-wise breakdown shows that more than 40% of servers located in Denmark, the Netherlands, Austria, Germany, France, Singapore, Australia, the U.K., and the U.S. have been updated, with China faring the worst, where only 20% of nearly 550 servers have been patched.

    Fox-IT said it was able to deduce the version information from an MD5-like hash value present in the HTTP response of the login URL (i.e., “ns_gui/vpn/index.html”) and mapping it to their respective versions.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleCISA Warns of Active exploitation of JasperReports Vulnerabilities
    Next Article New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑