Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk.
At the time, there was no public attack code and no indication that any of the fixed flaws were getting actively exploited.
On Thursday, though, SANS ISC’s Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot (set up to flag CVE-2020-5902 exploitation attempts).
About the vulnerabilities
The fixed flaws are 11 in total, ranging from information disclosure and DoS bugs to elevation of privilege, XSS and code injection flaws.
He also pointed out that the 11 vulnerabilities give rise to six possible attack routes, and five of those have barriers to exploitation.
Finally, he added that the vulnerabilities have no link to CVE-2019-19781, the remote code execution flaw that’s been heavily exploited by attackers since late December/early January.
About the recent exploitation attempts
Dr. Ullrich said they are seeing scans looking for systems that haven’t been patched yet.
One of the vulnerabilities being probed allows arbitrary file downloads; the other allows retrieval of a PCI-DSS report without authentication.
Via helpnetsecurity.com