China's APT41 Exploited Citrix, Cisco, ManageEngine Flaws in Global Campaign
2020-03-25 14:12

A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products, FireEye reported on Wednesday.

"It's unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature," FireEye said.

The threat group first exploited CVE-2019-19781, a vulnerability affecting Citrix ADC and Gateway products.

According to FireEye, APT41 started exploiting the vulnerability on January 20.

On March 8, APT41 started exploiting CVE-2020-10189, a vulnerability in ManageEngine Desktop Central. A researcher had disclosed details of the flaw on March 5, before the vendor could release any patches.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/YNGsMai5ASI/chinas-apt41-exploited-citrix-cisco-manageengine-flaws-global-campaign

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-06 | CVE-2020-10189 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central. Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. (network; low complexity; zohocorp; CWE-502) | critical, 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. (network; low complexity; citrix; CWE-22) | critical, 9.8 |