Security News > 2020 > January > If you haven't shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available

If you haven't shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available
2020-01-13 06:05

Late last month Citrix disclosed a critical security hole in its Application Delivery Controller and Unified Gateway offerings.

Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.

The proof-of-concept code can be used to trivially achieve arbitrary code execution with no account credentials - hijack systems, in other words - via a directory traversal.

People's honey pots are being actively attacked, so if you haven't put in place the mitigations, and you have vulnerable systems facing the internet, you were probably hacked over the weekend by miscreants mass-scanning the 'net for machines to compromise.

The team shows how researchers go from discovering a security flaw to verifying it and developing a proof of concept to demonstrate remote code execution.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/13/security_roundup_100120/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 115 19 174 75 63 331