Technical info on Citrix vulnerabilities & exploits limited after patches


Multinational IT company Citrix Systems, Inc. has decided against publishing the complete technical details of the vulnerabilities found in its products. It also will not disclose the full details of the patches that fix these vulnerabilities, in an attempt to slow the development of working exploits. Eleven vulnerabilities were found in the Citrix products Application Delivery Controller (ADC) and Gateway that could allow code injection, denial of service and information disclosure. Four of these Citrix vulnerabilities could be exploited by an unauthenticated attacker.

As a fix, the American software company released patches for the 11 Citrix vulnerabilities in its popular products, including Gateway and Citrix ADC. Under some circumstances, some of these vulnerabilities could be used to bypass authorization in order to inject code.

More about Citrix vulnerabilities

The Citrix vulnerabilities discovered affect the company’s product range with severity ranging from a low-risk privilege elevation flaw to serious code injection and cross-site scripting weaknesses.

Fermin Serna, Chief Security Officer of Citrix, said the decision not to reveal the technical details was taken to deny attackers useful intelligence. Serna said sophisticated malicious actors use such details, and the patches themselves, to reverse engineer working exploits. Preventing that reverse engineering is the main reason for not releasing the technical details of the vulnerabilities and patches.

Of the 11 vulnerabilities found, 6 are possible attack routes and 5 have barriers to exploitation. The patches released for the products completely resolve all of the issues.


About the Citrix products under threat


The Citrix products at risk, Gateway and ADC, are software used for secure remote access and application-aware traffic management respectively. According to an assessment by Positive Technologies in December 2019, the products are in use at more than 80,000 companies in 158 countries. The vulnerabilities also affect Citrix models 5100-WO, 5000-WO, 4100-WO and 4000-WO, in addition to the company’s SD-WAN WANOP appliances.

Earlier this year, Citrix NetScaler (Citrix Application Delivery Controller) servers were subjected to extensive exploitation attempts. These attempts used CVE-2019-19781 to gain access to the devices and run crypto-mining malware. Serna stressed that the bugs found now are not related to the critical CVE-2019-19781 in Citrix ADC and Gateway, which was announced in December 2019.

Riddhi Jain is a technology content writer.