November 10th, 2022: CyberHoot has learned of multiple authentication bypass vulnerabilities being reported in Citrix ADC and Gateway products. Patches are available and should be applied to impacted systems quickly. While there are no known reports of exploitation in the wild, the announcement of patches by Citrix allows hackers to reverse engineer patches leading quickly to working exploits. Patch quickly.
Multiple vulnerabilities have been discovered in Citrix ADC and Gateway, the most severe of which could allow for Authentication Bypass. Citrix ADC and Gateway is an Application Delivery Controller and a gateway service to products respectively. Successful exploitation of the most severe of these vulnerabilities could result in Authentication Bypass. A malicious actor may be able to obtain administrative access. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
What Should You Do?
Companies should have an accurate inventory of all their hardware and software assets. Review those databases to determine your potential impact. You could also review vulnerability scan data for potential exposure. In all cases, if you find yourself exposed you should follow your vulnerability alert management process and patch according to the timelines it suggests. For CyberHoot vCISO clients, this is a Severity 1 issue that should be patched within 1-3 days.
There are currently no known work-arounds to alleviate these risks outside of patching.
You have a Vulnerability Alert Management Process, right?
If you’re a subscriber to CyberHoot’s awareness training platform, you have access to our Policy and Process library which contains the Vulnerability Alert Management Process (VAMP) document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.
If you’re a vCISO client, we’ve built this process for you and now you must execute according to the prescribed measures and timeframes. If you’re not a vCISO client or CyberHoot Product subscriber, perhaps you want to sign up here.
Bleeping Computer Summary of Vulnerabily Recommendations from CitrixCenter for Internet Security AdvisoryCitrix Advisory on Vulnerabilities in ADC and Gateway Products
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
One Forgotten Password, Almost a Catastrophe A single Windows machine at a retail store location had a cached...
Read more
You now have five important reasons to start a router security conversation with your small business clients this...
Read more
OAuth tokens don't expire when employees leave, passwords change, or apps go rogue. Your security program needs...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
