Security News

A researcher who discovered many vulnerabilities in Cisco's Data Center Network Manager product has made public some proof-of-concept exploits and technical details. In early January, Cisco informed customers that it had released updates for DCNM to address several critical and high-severity vulnerabilities.

Two proof-of-concept exploits have been publicly released for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The two PoC exploits were published to GitHub on Thursday.

Several proof-of-concept exploits have already been created - and some of them have been made public - for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency. Currently, there is no evidence that the vulnerability has been exploited in attacks, but PoC exploits have been created for CVE-2020-0601 much faster than many had anticipated.

Proof-of-concept exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. The vulnerability, which Threatpost reported on in December, already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit, and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to improve the performance and security of applications delivered over the web.

Exploits targeting the recent Citrix Application Delivery Controller vulnerability have already been published online, yet security patches will not be available for at least another week. Impacting both Citrix ADC and Citrix Gateway, the vulnerability is tracked as CVE-2019-19781 and could lead to code execution without authentication, Citrix revealed on December 17, 2019.

With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day. Some other researchers then published exploits and scanners for it.

Technology giant Citrix says it's racing to develop patches to fix a severe flaw in its software, for which proof-of-concept exploit code has now been released. Designated CVE-2019-19781, the directory traversal flaw has been present in Citrix's code for nearly six years, but only came to light - at least publicly - in December 2019.

Late last month Citrix disclosed a critical security hole in its Application Delivery Controller and Unified Gateway offerings. Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.

Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller and Citrix Gateway are vulnerable to a critical path traversal flaw that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers.

A proof-of-concept attack has been pioneered that "fully and practically" breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. All of the major browsers and most applications don't recognize certificates signed with SHA-1 these days, few certificate authorities still support it, and NIST has deprecated it since 2011, but the latest PoC attack is nonetheless deeply concerning given that, for all of that, SHA-1 remains far from being fully deprecated.