tl;dr
On July 7th, 2020, Citrix disclosed a number of vulnerabilities in the Application Delivery Controller. This blog is a summary of what we know as the situation develops.
About the Research and Intelligence Fusion Team (RIFT):
RIFT leverages our strategic analysis, data science, and threat hunting capabilities to create actionable threat intelligence, ranging from IoCs and detection capabilities to strategic reports on tomorrow’s threat landscape. Cyber security is an arms race where both attackers and defenders continually update and improve their tools and ways of working. To ensure that our managed services remain effective against the latest threats, NCC Group operates a Global Fusion Center with Fox-IT at its core. This multidisciplinary team converts our leading cyber threat intelligence into powerful detection strategies.
SANS Reporting
SANS first reported on July 9th that they had seen initial scanning activity, but it was unclear which vulnerability the scanning targeted.
Combination of Two Vulnerabilities
Two issues, if combined, can result in remote compromise, namely:
- CVE-2020-8193 – an authentication bypass
- one of CVE-2020-8195 and CVE-2020-8196 – at this time it is unclear which
We have seen these two issues combined:
Impact and Advice
NCC Group’s RIFT have been able to achieve compromise in certain configurations which are, at the moment, esoteric.
Our advice is that patches should be deployed as soon as possible.
Change Log
July 10th, 2020 @ 13:50 – v1.0 – Initial version
Published by RIFT: Research and Intelligence Fusion Team