Dive Brief:
- Federal authorities are encouraging users and corporate administrators to apply security updates after major vulnerabilities were found in Citrix ADC (Application Delivery Controller) and Citrix Gateway.
- The Cybersecurity and Infrastructure Security Agency warned Wednesday that a remote attacker could exploit the vulnerability to take control of an affected system.
- Citrix is not aware of any known exploitation in the wild, but is urging administrators to immediately patch their systems, according to a company spokesperson.
Dive Insight:
The technology firm on Tuesday issued a bulletin regarding three vulnerabilities in Citrix ADC and Citrix Gateway, including an authentication bypass vulnerability, listed as CVE-2022-27510, which is considered critical with a CVSS score of 9.8.
The vulnerability affects appliances that enable Secure Sockets Layer (SSL) VPN functionality or those being used as an Independent Computing Architecture (ICA) proxy with authentication enabled, according to the company.
Researchers from Tenable have not seen active exploitation of the vulnerabilities, but warn they expect threat actors to target them in the near future, particularly the one critical flaw.
“This will especially hold true if and when a proof-of-concept script is made available, which will provide attackers an easy way to implement a solution as part of their playbook,” Satnam Narang, senior staff research engineer at Tenable, said via email.
Tenable researchers said Citrix ADC and Citrix Gateway have been routinely targeted for attack since a critical path traversal vulnerability, listed as CVE-2019-19781, was originally disclosed in December 2019.
State-sponsored threat actors linked to China and Iran have leveraged the exploit for ransomware attacks, particularly targeting the healthcare industry. This vulnerability was included in a list of top vulnerabilities exploited by the People’s Republic of China.