[ad_1]
Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints stay susceptible to 2 important safety flaws disclosed by the corporate over the previous few months.
The points in query are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which have been addressed by the virtualization providers supplier on November 8 and December 13, 2022, respectively.
While CVE-2022-27510 pertains to an authentication bypass that could possibly be exploited to achieve unauthorized entry to Gateway person capabilities, CVE-2022-27518 considerations a distant code execution bug that would allow the takeover of affected programs.
Citrix and the U.S. National Security Agency (NSA), earlier this month, warned that CVE-2022-27518 is being actively exploited within the wild by risk actors, together with the China-linked APT5 state-sponsored group.
Now, in response to a new evaluation from NCC Group’s Fox-IT analysis group, 1000’s of internet-facing Citrix servers are nonetheless unpatched, making them a lovely goal for hacking crews.
This consists of over 3,500 Citrix ADC and Gateway servers working model 12.1-65.21 which are prone to CVE-2022-27518, in addition to greater than 500 servers working 12.1-63.22 which are susceptible to each flaws.
A majority of the servers, amounting to at least 5,000, are working 13.0-88.14, a model that is proof against CVE-2022-27510 and CVE-2022-27518.
A rustic-wise breakdown exhibits that greater than 40% of servers positioned in Denmark, the Netherlands, Austria, Germany, France, Singapore, Australia, the U.Okay., and the U.S. have been up to date, with China faring the worst, the place solely 20% of practically 550 servers have been patched.
Fox-IT stated it was in a position to deduce the model info from an MD5-like hash worth current within the HTTP response of login URL (i.e., “ns_gui/vpn/index.html”) and mapping it to their respective variations.