News PoC Published Regarding Citrix Bug:

A public proof-of-concept has finally been published in regards to the Citrix bug, a bug that has quite a large sector of the private and infosec community abuzz, as its modus operandi is allowing hackers access to devices, which in turn will allow them access to the main internal network.

The vulnerability is a path traversal bug, which can be utilized by an attacker remotely. No authentication credentials are required by the attacker when attacking a device; all they need do is send a rigged request to the Citrix device, along with the code they intend to execute on said device.

The biggest problem with this is that Citrix sent out an advisory in December, it's now about mid-January, and there is still no patch. While the number of scans has increased steadily, officials at Citrix have assured its users that the actual threat is minimal, stating that without a public exploit, not many attackers will get very far.

That all changed with the PoC, and a second one, published by a different firm, even followed it. The whole issue with Citrix, the main vulnerability, and how they intend to mitigate the whole situation is still ongoing.

     Original article can be found here.

     That was the news folks, have a good day, and stay safe out there.


01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
