Critical authentication-bypass vulnerabilities in Citrix and VMware offerings are threatening devices running remote workspaces with complete takeover, the vendors warned this week.
Given both vendors’ history of exploitation, admins are urged to prioritize patching; both disclosures prompted alerts from CISA on Wednesday.
Citrix Gateway, A Perfect Avenue for Infesting Orgs:
As for Citrix, a critical vulnerability tracked as CVE-2022-27510 (with a CVSS vulnerability-severity score of 9.8 out of 10) allows unauthorized access to the Citrix Gateway when the device is used as an SSL VPN solution. In that role, the Gateway provides access to internal company applications from any device over the Internet and offers single sign-on across applications and devices.
This way, the vulnerability would give a threat actor a means to easily access initial data, then dig deeper into an organization’s cloud footprint and cause disruption across the network.
In a published advisory, Citrix also noted that its Application Delivery Controller (ADC) product, which provides admin visibility into applications across multiple cloud instances, is vulnerable to remote desktop takeover (CVE-2022-27513, CVSS 8.3) and brute-force protection bypass (CVE-2022-27516, CVSS 5.3).
According to researcher Satnam Narang, Citrix Gateway and ADC have always been a favorite target of cybercriminals, thanks to how many parts of an organization they provide entrée into, which underscores the importance of patching.
“Citrix ADC and Gateways have been routinely targeted by a number of threat actors over the last few years through the exploitation of CVE-2019-19781, a critical path traversal vulnerability that was first disclosed in December 2019 and subsequently exploited beginning in January 2020 after exploit scripts for the flaw became publicly available,” Narang wrote in a Wednesday blog.
“CVE-2019-19781 has been leveraged by state-sponsored threat with ties to China and Iran, as part of ransomware attacks against various entities including the healthcare sector, and was recently included as part of an updated list of the top vulnerabilities exploited by the People’s Republic of China state-sponsored actors from early October,” he added.
Users should update promptly to Gateway versions 13.1-33.47, 13.0-88.12, and 12.1-65.21 to patch the latest issues.
VMware Workspace ONE Assist, a Trio of Cybercrime Threats:
On the other hand, VMware has reported three authentication-bypass bugs, all in its Workspace ONE Assist for Windows. The bugs (CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687, all with CVSS 9.8) allow both local and remote attackers to gain administrative access privileges without the need to authenticate, giving them full run of targeted devices.