[ad_1]
This voice is auto-generated. Please let us know if you have any feedback.
Dive briefs:
- Federal authorities are encouraging users and enterprise administrators to apply security updates after the discovery of critical vulnerabilities in Citrix ADC (Application Delivery Controller) and Citrix Gateway.
- The Cybersecurity and Infrastructure Security Agency warned Wednesday that remote attackers could exploit the vulnerability to take control of affected systems.
- Citrix is not aware of any exploits in the wild, but is urging administrators to patch their systems immediately, according to a company spokesperson.
Dive Insight:
On Tuesday, the technology company issued a bulletin about three vulnerabilities in Citrix ADC and Citrix Gateway. This includes an authentication bypass vulnerability listed as CVE-2022-27510, which is considered critical with a CVSS score of 9.8.
According to the company, the vulnerability affects appliances that have the Secure Sockets Layer VPN feature enabled or that have authentication enabled and used as an independent computing architecture proxy.
Tenable researchers have not seen active exploitation of the vulnerabilities, but cautioned that threat actors expect to target these vulnerabilities, especially one critical flaw, in the near future. I’m here.
Satnam Narang, senior staff research engineer at Tenable, said: email.
Tenable researchers found that Citrix ADC and Citrix Gateway have been routinely targeted since the critical path transversal vulnerability, listed as CVE-2019-19781, was first disclosed in December 2019. said that
State-sponsored threat actors associated with China and Iran have used exploits in ransomware attacks specifically targeting the healthcare industry. This vulnerability was included in the list of top vulnerabilities exploited by the People’s Republic of China.
[ad_2]
Source link