Security News > 2022 > December > Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
The U.S. National Security Agency on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller and Gateway to take over affected systems.
Successful exploitation requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider or a SAML identity provider.
The following supported versions of Citrix ADC and Citrix Gateway are affected by the vulnerability -.
Citrix ADC and Citrix Gateway versions 13.1 are not impacted.
"Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls."
News of the Citrix bug also comes a day after Fortinet revealed a severe vulnerability that also facilitates remote code execution in FortiOS SSL-VPN devices.
News URL
https://thehackernews.com/2022/12/hackers-actively-exploiting-citrix-adc.html
Related news
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- MITRE says state hackers breached its network via Ivanti zero-days (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)