Cybercrime as-a-service
,
Cyberwarfare / Nation-State Attacks
,
Endpoint Security
Advisory Urges Customers to Update their Devices to the Latest Firmware
Researchers uncovered thousands of Citrix servers that are vulnerable to two critical flaws, one of which is being actively exploited by nation-state hackers. Netgear also warned its customers about a denial of service vulnerability affecting some of its devices.
See Also: OnDemand | Understanding Human Behavior: Tackling Retail’s ATO & Fraud Prevention Challenge
Both companies urged their respective customers to update their devices to the latest firmware as soon as possible.
The two vulnerabilities in Citrix servers tracked CVE-2022-27510 and CVE-2022-27518 affect Citrix ADC and Citrix Gateway, the company’s cloud-based solutions for network traffic and access control.
Although the company released patches for both flaws and requested its users upgrade to the latest updates, a recent analysis by the researchers at Fox-IT revealed that thousands of servers still remain vulnerable to these flaws.
These include nearly 500 devices that are vulnerable to both the security flaws as well as nearly 4,000 built version 12.1-65.21 devices vulnerable to CVE-2022-27518 across Germany, the U.K, Netherlands with the U.S accounting for the largest number of unpatched devices.
Flaws in Citrix Servers
While the first flaw permits unauthorized access when exploited, the second allows remote arbitrary code execution to gain unauthorized access to the system, which is already being exploited by Chinese nation-state hackers to gain unauthorized access to vulnerable devices, the U.S. National Security Agency warned in a December alert. (see: Chinese Hackers Exploit Citrix Vulnerabilities)
According to the NSA, Chinese hackers are modifying legitimate binaries within Citrix ADC that are essential for running the application. The agency, therefore, recommended that Citrix users should check for malicious activities involving key binaries such as nsppe, nsaaad, nsconf, nsreadfile, and nsconmsg, noting that any alteration to these codes should be immediately investigated.
The agency also recommended that Citrix ADC should also run behavioral checks to look for unusual user account activity or unauthorized modification of user permissions. If any of the Citrix ADC users detected such activity, the NSA recommended the users move the device to behind the VPN or similar applications which will require multifactor authentication before the access is granted or isolating the impacted system to contain the spread of the malware.
Flaws in Netgear Devices
The network hardware company, Netgear is yet to disclose information about what component is affected, but the company said the flaw allows an attacker to create a buffer overflow on a device, triggering a denial of service.
The affected devices include Wireless AX Router Nighthawk’s model RAX75 and RAX80; and Wireless AC Router Nighthawk’s R7000, R7000P, R7960P and R8000P; and other Wireless AC routers.
The vulnerability tracked as PSV-2019-0104 with a CVSS score of 7.5.
“The pre-authentication buffer overflow vulnerability remains if you do not complete all recommended steps, and NETGEAR is not responsible for any consequences that could have been avoided,” the company said.
Previous Netgear Flaws
Last year, Netgear fixed three critical vulnerabilities affecting several smart switch products that, if exploited, give the attacker complete control over the compromised device. Netgear issued a security advisory confirming that it has issued patches for 20 Netgear products affected by these vulnerabilities.
Gynvael Coldwind, a security researcher on Google’s security team identified the critical vulnerabilities and reported it to Netgear.
The CVEs for these vulnerabilities have not yet been assigned, but Coldwin calls the three vulnerabilities Demon’s Cries (CVSS score: 9.8), Draconian Fear (CVSS score: 7.8), and the yet-to-be-published Seventh Inferno. (See: Netgear Fixes Critical Flaws Affecting Smart Switches).
Akshaya Asokan contributed to this report.