Citrix Servers Discovered to be Vulnerable to Cyberattackers

Researchers have revealed that some cyber attackers are probing weaknesses in the ADC and Gateway products on Citrix servers. The researchers disclosed the issue in December; it impacts NetScaler ADC as well as NetScaler Gateway, known as the Citrix Gateway.
Positive Technologies initially reported the issue, saying the system’s weakness allows directory traversal. When this weakness is exploited, the threat actors can carry out Remote Code Execution attacks on the
It should be noted that this is not the first time Citrix has discovered a security breach or vulnerability in its systems. In March last year, it discovered a security breach due to weak account credentials. During the attack, the threat actors were able to infiltrate the internal networks and compromise some critical business documents.
The security advisory board at Citrix has listed the products affected by the breach. They include Gateway versions 10.5, 11.1, 12.0, 12.1, and 13.0.
The security board also stated that more than 800,000 users in about 157 countries use the ADC products. According to the firm, these users could be vulnerable to cyberattacks if the breach
But users in the U.S. are more at risk because they make up the largest share of ADC users. Presently, 38% of the users are residents in the U.S. The company also has significant numbers of users in Australia, the Netherlands, Germany, and the United Kingdom. The Citrix application is used to connect critical businesses and workstations.
According to Positive Technologies, the portal is vulnerable to attack because the Citrix application is the first point accessible from the firm’s network perimeter.
The breach gives hackers or other attackers unauthorized access to the company’s applications as well as other programs listed on the company’s internal network. Once they breach the Citrix server, they can reach other sections of the server and infiltrate the system, according to Positive Technologies.
Bleeping Computer reported on January 8 that security researchers had discovered some loopholes in the Citrix servers that potential hackers are looking to exploit. Researcher Kevin Beaumont said on Twitter that some attackers are reading highly classified credential configuration files using directory traversal.
According to him, the hackers are not making use of public exploit code. Even if they want to use that option, it is presently not happening. He reiterated that the attackers did not use sophisticated measures to infiltrate the system, adding that some of the attack attempts were merely GET requests.
Although Citrix has not yet issued firmware that would patch the vulnerability, the firm has released some mitigation steps for both clusters and standalone systems. The company has asked its users to apply these mitigation steps to avoid becoming a victim of a cyberattack.
It also said that when the firmware version containing the vulnerability patch is released, customers should make sure their systems are completely updated with the new appliance firmware. Citrix has also asked customers to subscribe to bulletin alerts so they know exactly when the new firmware is released.
Dmitry Serebryannikov, director at Positive Technologies, said that many corporate networks make use of the Citrix applications. Via the application, companies can provide terminal access to their employees.
Considering how widely the Citrix app is used in the business community and the high risk posed by the vulnerability, the researchers have asked Citrix security experts to find the root of the matter. According to them, it would help to discover everything about the breach in time to mitigate any future threats to the systems.
The security researchers also urged IT administrators to run sets of commands to help patch the vulnerability and create a strong line of defense against any future cyber attackers in the system. In its advice to customers, Citrix said affected customers should apply the upgrade immediately when it is released. They should also upgrade other vulnerable appliances with the soon-to-be-released firmware.
