If you haven't shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available
2020-01-13 06:05

Late last month Citrix disclosed a critical security hole in its Application Delivery Controller and Unified Gateway offerings.

Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.

The proof-of-concept code can be used to trivially achieve arbitrary code execution with no account credentials - hijack systems, in other words - via a directory traversal.

People's honeypots are being actively attacked, so if you haven't put the mitigations in place, and you have vulnerable systems facing the internet, you were probably hacked over the weekend by miscreants mass-scanning the 'net for machines to compromise.

The team shows how researchers go from discovering a security flaw to verifying it and developing a proof of concept to demonstrate remote code execution.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/13/security_roundup_100120/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213