
Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability

December 14, 2022

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems.

The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and seize control.

Successful exploitation, however, requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider (SP) or a SAML identity provider (IdP).


The following supported versions of Citrix ADC and Citrix Gateway are affected by the vulnerability:

  • Citrix ADC and Citrix Gateway 13.0 before 13.0-58.32
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25
  • Citrix ADC 12.1-FIPS before 12.1-55.291
  • Citrix ADC 12.1-NDcPP before 12.1-55.291

Citrix ADC and Citrix Gateway version 13.1 are not affected. The company also said there are no workarounds available "beyond disabling SAML authentication or upgrading to a current build."

The virtualization services provider said it is aware of a "small number of targeted attacks in the wild" using the flaw, urging customers to apply the latest patch to unmitigated systems.
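A defender triaging a fleet needs to turn the affected-version table and the SAML precondition above into a repeatable check. The following is an added example, not Citrix's or NSA's code; it assumes build strings in the `major.minor-build.sub` form Citrix prints (e.g. `13.0-58.32`), an `edition` label of `standard`, `FIPS` or `NDcPP` that the operator supplies, and a `saml_configured` flag taken from the appliance's own configuration. The fixed builds are the ones listed in the advisory.

```python
import re
from typing import Optional, Tuple

# Fixed builds per branch and edition, as listed for CVE-2022-27518.
# A build earlier than the fixed build on the same branch is affected.
FIXED_BUILDS = {
    ("13.0", "standard"): "13.0-58.32",
    ("12.1", "standard"): "12.1-65.25",
    ("12.1", "FIPS"): "12.1-55.291",
    ("12.1", "NDcPP"): "12.1-55.291",
}
# Branches the advisory explicitly calls unaffected.
UNAFFECTED_BRANCHES = {"13.1"}

# Citrix build strings look like "13.0-58.32": release "13.0", build "58.32".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a Citrix ADC/Gateway build string into a comparable int tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix build string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_build(version: str, edition: str = "standard") -> Optional[bool]:
    """True if below the fixed build on its branch, False if fixed or on an
    unaffected branch, None if the branch is not covered by the advisory
    (for example an end-of-life release the table does not list)."""
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    if branch in UNAFFECTED_BRANCHES:
        return False
    fixed = FIXED_BUILDS.get((branch, edition))
    if fixed is None:
        return None
    return v < parse_version(fixed)


def assess(version: str, edition: str = "standard", saml_configured: bool = False) -> str:
    """Combine the build check with the SAML SP/IdP precondition for exploitation."""
    affected = is_affected_build(version, edition)
    if affected is None:
        return "unknown: branch not listed in the advisory"
    if not affected:
        return "not affected"
    if saml_configured:
        return "exposed: vulnerable build with SAML SP/IdP configured; patch now"
    return "vulnerable build but SAML not configured; patch before enabling SAML"
```

Appliances that report a branch outside the table come back as unknown rather than safe, so they still need a manual look.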

APT5, also known as Bronze Fleetwood, Keyhole Panda, Manganese, and UNC2630, is believed to operate on behalf of Chinese interests. Last year, Mandiant disclosed espionage activity targeting verticals that aligned with government priorities outlined in China's 14th Five-Year Plan.

Those attacks entailed the abuse of a then-disclosed flaw in Pulse Secure VPN devices (CVE-2021-22893, CVSS score: 10.0) to deploy malicious web shells and exfiltrate valuable information from enterprise networks.

"APT5 has demonstrated capabilities against Citrix Application Delivery Controller deployments," NSA said. "Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls."

Microsoft, last month, pointed out Chinese threat actors' history of identifying and using zero-days to their advantage before being picked up by other adversarial collectives in the wild.

News of the Citrix bug also comes a day after Fortinet disclosed a critical vulnerability that also facilitates remote code execution in FortiOS SSL-VPN products (CVE-2022-42475, CVSS score: 9.3).

VMware releases updates for code execution vulnerabilities

In a related development, VMware disclosed details of two critical flaws impacting ESXi, Fusion, Workstation, and vRealize Network Insight (vRNI) that could result in command injection and code execution.

  • CVE-2022-31702 (CVSS score: 9.8) – Command injection vulnerability in vRNI
  • CVE-2022-31703 (CVSS score: 7.5) – Directory traversal vulnerability in vRNI
  • CVE-2022-31705 (CVSS score: 5.9/9.3) – Heap out-of-bounds write vulnerability in the EHCI controller

"On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed," the company said in a security bulletin for CVE-2022-31705.

Some parts of this article are sourced from: thehackernews.com
