Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities
Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs.
Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution.
“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” VMware noted in an advisory on October 19, 2023.
James Horseman from Horizon3.ai and the Randori Attack Team have been credited with discovering and reporting the flaw.
Horizon3.ai has since made available a PoC for the vulnerability, prompting VMware to revise its advisory this week.
CVE-2023-34051 is a patch bypass for a set of critical flaws that VMware addressed earlier this January and that could expose users to remote code execution attacks.
“This patch bypass would not be very difficult for an attacker to find,” Horseman said. “This attack highlights the importance of defense in depth. A defender can’t always trust that an official patch fully mitigates a vulnerability.”
The disclosure comes as Citrix released an advisory of its own, urging customers to apply fixes for CVE-2023-4966 (CVSS score: 9.4), a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway that has come under active exploitation in the wild.
“We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability,” the company said this week, corroborating a report from Google-owned Mandiant.
The exploitation efforts are also likely to ramp up in the coming days given the availability of a PoC exploit, dubbed Citrix Bleed.
“Here we saw an interesting example of a vulnerability caused by not fully understanding snprintf,” Assetnote researcher Dylan Pindur said.
“Even though snprintf is recommended as the secure version of sprintf it is still important to be careful. A buffer overflow was avoided by using snprintf but the subsequent buffer over-read was still an issue.”
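The general pitfall behind that remark, as an added example that is not NetScaler code or code from the article: `snprintf` never writes past the buffer, but it returns the length the full output would have had, so a caller that uses the return value as the number of bytes to send reads past the buffer when the output was truncated. The function names, format string, buffer size and sample hosts are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32  /* constructed size, chosen small to make truncation easy to see */

/* Flawed pattern: treats snprintf's return value as "bytes stored in buf". */
size_t reply_len_flawed(char *buf, size_t cap, const char *host)
{
    int n = snprintf(buf, cap, "{\"host\":\"%s\"}", host);
    return (size_t)n;  /* can exceed cap: sending n bytes from buf over-reads */
}

/* Hardened pattern: an encoding error or truncation means "do not send". */
size_t reply_len_checked(char *buf, size_t cap, const char *host)
{
    int n = snprintf(buf, cap, "{\"host\":\"%s\"}", host);
    if (n < 0 || (size_t)n >= cap)
        return 0;      /* output did not fit; caller must reject the request */
    return (size_t)n;
}

/* Builds a constructed host of host_len 'A' characters and returns the
 * length each variant would hand to the code that transmits the reply. */
size_t demo_len(int hardened, size_t host_len)
{
    char host[256], buf[BUF_SIZE];
    if (host_len >= sizeof host)
        host_len = sizeof host - 1;
    memset(host, 'A', host_len);
    host[host_len] = '\0';
    return hardened ? reply_len_checked(buf, sizeof buf, host)
                    : reply_len_flawed(buf, sizeof buf, host);
}

int main(void)
{
    printf("buffer holds %d bytes\n", BUF_SIZE);
    printf("short host: flawed=%zu checked=%zu\n", demo_len(0, 12), demo_len(1, 12));
    printf("long host:  flawed=%zu checked=%zu\n", demo_len(0, 100), demo_len(1, 100));
    return 0;
}
```

In the flawed variant the write itself stays in bounds; the defect only appears when the returned length is later used to read from the buffer, which is why reviewing every use of the `snprintf` return value matters.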
The active exploitation of CVE-2023-4966 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies in the U.S. to apply the latest patches by November 8, 2023.
The latest developments also follow the release of updates for three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187, CVSS scores: 9.8) that remote attackers could use to run code with SYSTEM privileges.