Cybercrime as-a-service , Cyberwarfare / Nation-State Attacks , Endpoint Security
Flaws in Citrix Servers; Netgear Issues Critical AdvisoryCompany Urges Customers to Update Their Devices to the Latest Firmware
Researchers uncovered thousands of Citrix servers that are vulnerable to two critical flaws, one of which is being actively exploited by nation-state hackers. Netgear also warned its customers about a denial-of-service vulnerability affecting some of its devices.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Both companies urged their respective customers to update their devices to the latest firmware as soon as possible.
The two vulnerabilities in Citrix servers, tracked as CVE-2022-27510 and CVE-2022-27518, affect Citrix ADC and Citrix Gateway, the company's cloud-based solutions for network traffic and access control.
Although the company released patches for both flaws and requested its users upgrade to the latest updates, a recent analysis by the researchers at Fox-IT revealed that thousands of servers still remain vulnerable to these flaws.
These include nearly 500 devices that are vulnerable to both the security flaws as well as nearly 4,000 built version 12.1-65.21 devices vulnerable to CVE-2022-27518 across Germany, the U.K and the Netherlands. The U.S accounts for the largest number of unpatched devices.
Flaws in Citrix Servers
While the first flaw permits unauthorized access when exploited, the second allows remote arbitrary code execution to gain unauthorized access to the system. It is already being exploited by Chinese nation-state hackers to gain unauthorized access to vulnerable devices, the U.S. National Security Agency warned in a December alert (see: Chinese Hackers Exploit Citrix Vulnerabilities).
According to the NSA, Chinese hackers are modifying legitimate binaries within Citrix ADC that are essential for running the application. The agency, therefore, recommended that Citrix users should check for malicious activities involving key binaries such as
nsconmsg, adding that any alteration to these codes should be immediately investigated.
The agency also recommended that Citrix ADC run behavioral checks to look for unusual user account activity or unauthorized modification of user permissions. If any of the Citrix ADC users detected such activity, the NSA recommended the users move the device to behind the VPN or similar applications that require multifactor authentication before the access is granted or isolate the affected system to contain the spread of the malware.
Flaws in Netgear Devices
The network hardware company Netgear has yet to disclose information about what component is affected, but the company said the flaw allows an attacker to create a buffer overflow on a device, triggering a denial of service.
The affected devices include Wireless AX Router Nighthawk's model RAX75 and RAX80; Wireless AC Router Nighthawk's R7000, R7000P, R7960P and R8000P; and other Wireless AC routers.
The vulnerability is tracked as PSV-2019-0104 and has a CVSS score of 7.5.
"The pre-authentication buffer overflow vulnerability remains if you do not complete all recommended steps, and NETGEAR is not responsible for any consequences that could have been avoided," the company said.
Previous Netgear Flaws
Last year, Netgear fixed three critical vulnerabilities affecting several smart switch products that, if exploited, give the attacker complete control over the compromised device. Netgear issued a security advisory confirming that it has issued patches for 20 Netgear products affected by these vulnerabilities.
Gynvael Coldwind, a security researcher on Google's security team, identified the critical vulnerabilities and reported them to Netgear.
The CVEs for these vulnerabilities have not yet been assigned, but Coldwind calls the three vulnerabilities Demon's Cries - CVSS score: 9.8, Draconian Fear - CVSS score: 7.8, and the yet-to-be-published Seventh Inferno (see: Netgear Fixes Critical Flaws Affecting Smart Switches).
Akshaya Asokan contributed to this report.