A new exploit technique targeting a recent Citrix Application Delivery Controller (ADC) and Gateway vulnerability can be used against thousands of unpatched devices, cybersecurity firm Bishop Fox claims.
Tracked as CVE-2023-3519 and patched last week, the critical-severity bug can be exploited to execute arbitrary code remotely, without authentication, on vulnerable appliances that are configured as a gateway or AAA virtual server.
Last week, CISA warned that attacks exploiting the flaw have been seen since June 2023, in at least one case targeting a critical infrastructure organization.
On Friday, Bishop Fox warned of a new way to exploit the vulnerability, one that can be used against any appliance that is set as a gateway or AAA virtual server and which exposes a specific route that is enabled by default on certain installations.
“The vulnerability is a simple unauthenticated stack overflow. This is made significantly worse by the fact that exploit mitigations do not protect the vulnerable function on some versions,” Bishop Fox notes.
“The vulnerable binary is compiled without PIE and with an executable stack, and on the VPX version, there is no stack canary. As a result, exploitation is trivial. Our exploit cleanly returns without crashing the vulnerable process,” the cybersecurity firm continues.
The exploit, the company says, is different from previously detailed exploitation techniques and does not require SAML to be enabled. However, technical details on the identified vulnerable route are not being disclosed now.
Bishop Fox also notes that their analysis of the vulnerable appliances revealed the existence of roughly 61,000 Citrix Gateway login pages that are accessible from the internet, with more than half of these devices (roughly 32,000) unpatched against CVE-2023-3519.
Furthermore, the company claims that roughly 21,000 appliances that are unpatched also expose the vulnerable route, which renders them prone to the new exploitation technique.
Related: Citrix Patches Critical Vulnerability in Secure Access Client for Ubuntu
Related: Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps
Related: Citrix Patches Critical Vulnerability in Gateway, ADC
More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
