November 10th, 2022: CyberHoot has learned of multiple authentication bypass vulnerabilities being reported in Citrix ADC and Gateway products. Patches are available and should be applied to impacted systems quickly. While there are no known reports of exploitation in the wild, the announcement of patches by Citrix allows hackers to reverse engineer patches leading quickly to working exploits. Patch quickly.
Multiple vulnerabilities have been discovered in Citrix ADC and Gateway, the most severe of which could allow for Authentication Bypass. Citrix ADC and Gateway is an Application Delivery Controller and a gateway service to products respectively. Successful exploitation of the most severe of these vulnerabilities could result in Authentication Bypass. A malicious actor may be able to obtain administrative access. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
What Should You Do?
Companies should have an accurate inventory of all their hardware and software assets. Review those databases to determine your potential impact. You could also review vulnerability scan data for potential exposure. In all cases, if you find yourself exposed you should follow your vulnerability alert management process and patch according to the timelines it suggests. For CyberHoot vCISO clients, this is a Severity 1 issue that should be patched within 1-3 days.
There are currently no known work-arounds to alleviate these risks outside of patching.
You have a Vulnerability Alert Management Process, right?
If you’re a subscriber to CyberHoot’s awareness training platform, you have access to our Policy and Process library which contains the Vulnerability Alert Management Process (VAMP) document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.
If you’re a vCISO client, we’ve built this process for you and now you must execute according to the prescribed measures and timeframes. If you’re not a vCISO client or CyberHoot Product subscriber, perhaps you want to sign up here.
Bleeping Computer Summary of Vulnerabily Recommendations from CitrixCenter for Internet Security AdvisoryCitrix Advisory on Vulnerabilities in ADC and Gateway Products
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Your inbox sees dozens of emails every day that look completely routine. A DocuSign notification fits right in. A...
Read more
And yes, Google's Gemini AI had no idea it was working for the bad guys. Malware has always followed a script....
Read more
Ransomware groups are not breaking in organizations the same way they did five years ago. The entry methods have...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
