Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing
2020-01-13 11:53

With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day.

Some other researchers then published exploits and scanners for it.

The exploit published by TrustedSec "works well" and establishes a reverse shell, SANS ISC's Johannes Ullrich noted.

"We do see heavy exploitation of the flaw using variations of both exploits. Most attempts follow the 'Project Zero India' pattern, which is likely simpler to include in existing exploit scripts. Much of the scanning we have seen so far is just testing the vulnerability by attempting to run commands like 'id' and 'uname'," he shared.

"A few exploits attempted to download additional code. I was successful retrieving one sample so far, a simple Perl backdoor."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cgeGcooZ90I/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. (network, low complexity, citrix, CWE-22) | critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 119 20 183 81 65 349