Red Security

Full Version: PoC Published Regarding Citrix Bug:
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
[Image: 1*TYAzzTJ60x-qg5N81ElU9A.png]

             A public proof-of-concept has finally been published in regards to the Citrix bug, a bug that has quite a large sector of the private and infosec community abuzz, as its modus operandi is allowing hackers access to devices which in turn will allow them access to the main internal network. 

     The vulnerability is a path traversal bug, which can be utilized by an attacker remotely. No authentication credentials are required by the attacker when its attacking a device, all they need do is send a rigged request to the Citrix device, along with the code they plan to intend to execute on said device. 

     The biggest problem with this, is that Citrix sent out an advisory in December, its now about mid January and there is still no patch. While the number of scans has increased steadily, officials at Citrix have assured its users that the actual threat is minimal. Stating that without a public exploit, not many attackers will get very far. 

     That all changed with the PoC, and even a second one followed it, that was published by a different firm. The whole issue with Citrix, and the main vulnerability, and how they intend to mitigate the whole situation is still on-going. 

     Original article can be found here.

     That was the news folks, have a good day, and stay safe out there.