Vulnerability Recap 5/13/24: F5, Citrix & Chrome

The most dangerous vulnerabilities might be the lesser known Tinyproxy and Cinterion Cellular Modem flaws.
The stress and high expense of attacks can be avoided by proactively tracking assets, staying informed, and allocating some resources to eliminating vulnerabilities before they become ballooning disasters.
The Talos team published that they received no response from the Tinyproxy open-source developers, and therefore they published the proof of concept before a patch was available for this vulnerability with a CVSSv3 rating of 9.8 out of 10.
To coordinate tracking and remediating vulnerabilities, consider a vulnerability management solution.
Type of vulnerability: Deterministic cryptographic number generation.
The problem: As disclosed in the April 22nd vulnerability recap, PuTTY didn't generate sufficiently random numbers for encryption keys.
The fix: XenCenter for Citrix Hypervisor versions from 8.2.7 don't include PuTTY and require no action.
Type of vulnerability: OData injection, SQL injection.
The problem: F5 patched their unified BIG-IP Next controller, Next Central Manager, to fix a pair of official vulnerabilities: CVE-2024-21793 and CVE-2024-26026.
Both flaws rate CVSSv3 7.5 out of 10 and successful exploitation of these vulnerabilities can disclose user and administrator password hashes.
Researchers at Eclypsium published a proof of concept that describes five vulnerabilities, of which only two have been assigned CVE numbers and formally patched by F5. The proof of concept demonstrates that unpatched management consoles may be remotely compromised.
Obtaining access to the password hashes from the compromise can lead to complete takeover of the F5 management consoles and, by extension, F5 devices managed by the console.
The fix: All device configurations contain the vulnerabilities.
The problem: Google sent out Windows and MacOS Chrome updates and disclosed their fifth actively-exploited vulnerability of 2024: CVE-2024-4671.
Type of vulnerability: Heap overflow, digital signature check bypass, unauthorized code execution, privilege escalation.
The problem: Vendors integrate Telit's Cinterion modems into internet of things devices such as industrial equipment, medical devices, vehicle tracking sensors, and smart meters.
The most significant vulnerability, CVE-2023-47610 rates CVSSv3 9.8 out of 10, and researchers at Kaspersky note that exploitation could lead to remote code execution and unauthorized privilege escalation to take over these devices potentially connected to critical infrastructure.
The other vulnerabilities involve mishandling Java applets running on the IoT. Exploitation of the other vulnerabilities could expose confidential data and allow the device to provide entry to connected networks.
The fix: Owners of IoT with cellular connections should check for the presence of Cinterion modems and patches through the device manufacturers.
Kaspersky recommends disabling non-essential SMS messaging capabilities and private access code names with strict security settings to counter the most critical vulnerability.


This Cyber News was published on www.esecurityplanet.com. Publication date: Mon, 13 May 2024 20:13:06 +0000


Cyber News related to Vulnerability Recap 5/13/24: F5, Citrix & Chrome

CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
7 years ago
US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
1 year ago Bleepingcomputer.com
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
1 year ago Bleepingcomputer.com
Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
1 year ago Bleepingcomputer.com
HHS warns of 'Citrix Bleed' attacks after hospital outages - The U.S. Department of Health and Human Services is warning hospitals and healthcare facilities across the country to patch a vulnerability known as "Citrix Bleed" that is being used in attacks by ransomware gangs. For weeks, cybersecurity experts ...
1 year ago Therecord.media
Two more Citrix NetScaler bugs exploited in the wild The Register - Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. CVE-2023-6548 could allow remote code execution in the appliances' management interface. It ...
10 months ago Go.theregister.com
Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
1 year ago Bleepingcomputer.com
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
1 year ago Bleepingcomputer.com
CVE-2020-8245 - Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler ...
4 years ago
CVE-2020-8247 - Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, ...
4 years ago
CVE-2020-8246 - Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, ...
4 years ago
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
5 months ago Security.googleblog.com
US Health Dept Urges Hospitals to Patch Critical 'Citrix Bleed' Vulnerability - This week, the US Department of Health and Human Services has warned hospitals of the critical 'Citrix Bleed' Netscaler vulnerability that has been exploited by threat actors in cyberattacks. On Thursday, the department's security team, Health Sector ...
1 year ago Cysecurity.news
Citrix Discovers Two Vulnerabilities, Both Exploited in the Wild - Two vulnerabilities have been found in NetScaler ADC and NetScaler Gateway, formerly known as Citrix ADC and Citrix Gateway, and are affecting six supported versions. Tracked as CVE-2023-6548, this vulnerability needs access to NSIP, CLIP, or SNIP ...
10 months ago Darkreading.com
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
10 months ago Bleepingcomputer.com
Vulnerability Recap 5/13/24: F5, Citrix & Chrome - The most dangerous vulnerabilities might be the lesser known Tinyproxy and Cinterion Cellular Modem flaws. The stress and high expense of attacks can be avoided by proactively tracking assets, staying informed, and allocating some resources to ...
6 months ago Esecurityplanet.com
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately - Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The company patched this critical sensitive information disclosure flaw two weeks ago, ...
1 year ago Bleepingcomputer.com
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability - These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures and indicators of compromise to help organizations protect against ransomware. Historically, LockBit 3.0 affiliates have conducted attacks ...
1 year ago Cisa.gov
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
10 months ago Darkreading.com
Weekly Vulnerability Recap 1/22/24: Chrome, Ivanti, & Citrix - This week's vulnerability news include GitHub credential access, a new Chrome fix, and hidden malware from pirated applications hosted on Chinese websites. Citrix and Ivanti are seeing more problems, too, as more vulnerabilities have cropped up in ...
10 months ago Esecurityplanet.com
AHA, Federals Urge Healthcare Ogranizations to Minimize Citrix Bleed Vulnerability - The alert from the Department of Health and Human Services Health Sector Cybersecurity Coordination Center on Nov. 30 and the AHA warning on Friday come amid an outbreak of ransomware attacks alleged to involve Citrix Bleed exploitation that has hit ...
1 year ago Cysecurity.news
CVE-2020-10112 - ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic ...
4 years ago
Xfinity discloses data breach after recent Citrix server hack - Doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. On October 25, roughly two weeks after Citrix released security updates to ...
11 months ago Bleepingcomputer.com
CVE-2010-2990 - Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix ...
6 years ago
CVE-2021-22914 - Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)