Security News > 2020 > January > Hackers Scan for Vulnerable Citrix ADC Systems

Hackers Scan for Vulnerable Citrix ADC Systems
2020-01-10 06:23

Weeks after Citrix revealed a critical vulnerability impacting its Application Delivery Controller and Gateway products, hackers have started to scan the Internet for vulnerable systems, security researchers report.

Now, only three weeks later, security researchers are already observing online scans for vulnerable systems, as well as exploitation attempts targeting CVE-2019-19781.

"In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using./ directory traversal. So this is in the wild, active exploitation starting up," security researcher Kevin Beaumont said on Twitter.

The source IPs scanning his honeypot are located on the networks of China Mobile, BACloud, CHINA UNICOM Shanghai city network, and OpenIP. Based on the mitigation steps advised by Citrix, exploit attempts are expected to involve a path traversal likely related to the /vpns/ path on Citrix systems, Tripwire security researcher Craig Young notes.

21 days after Citrix published its advisory, less than a third of the exposed appliances had the mitigation enabled, with 39,378 of them remaining vulnerable.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/6WHWwb7uA2Y/hackers-scan-vulnerable-citrix-adc-systems

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213