Tag Archive for: vulns

Exploitation of Citrix NetScaler vulns reaching dangerous levels


Time may be running short for users of Citrix’s NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products who have not yet patched against two recently disclosed vulnerabilities to do so, after cyber researchers started to see elevated levels of activity targeting them.

Disclosed on 10 October, and possibly exploited as long ago as August, the two flaws are tracked as CVE-2023-4966 and CVE-2023-4967. The first of these is a sensitive information disclosure vulnerability carrying a Common Vulnerability Scoring System (CVSS) score of 9.4, and the second is a denial-of-service vulnerability carrying a CVSS score of 8.2.

The growing volume of threat actor activity is targeting the first of these vulnerabilities, according to Citrix. In a statement, the company said: “We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability.”

Citrix said it strongly recommended users of the affected products to immediately install the updated, recommended builds, as well as killing all active and persistent sessions as a precaution. More details of how to do so are available from Citrix. Note that there are no further workarounds available.

Exploitation of CVE-2023-4966 may escalate still further after the publication of a public proof of concept (PoC) by researchers at AssetNote on 25 October. In his write-up, AssetNote’s Dylan Pindur revealed how he was able to exploit the vulnerability in order to obtain a valid session token.

“Like previous issues with Citrix NetScaler, the issue was made worse by a lack of other defence-in-depth techniques and mitigations,” wrote Pindur. “Not clearing sensitive data from what appear to be temporary buffers and stricter validation on client-provided data being the two most obvious mitigations which could have been applied to minimise the damage.”

Since this, multiple sources have stated that scanning activity has increased. In a statement posted to X, the website formerly known as Twitter, internet security specialist ShadowServer said its honeypot sensors had seen a “sharp increase in queries” related to CVE-2023-4966.

Source…

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into • The Register


Chinese makers of network software and hardware must alert Beijing within two days of learning of a security vulnerability in their products under rules coming into force in China this year.

Details of holes cannot be publicized until the bugs are fixed. Malicious exploit code cannot be released. There are restrictions on disclosing details of flaws to foreign organizations. And vendors will be under pressure to address these vulnerabilities as soon as they can and set up bounty programs to reward researchers.

The regulations are intended to tighten up the nation’s cyber-security defenses, crack down on the handling and dissemination of bugs, and keep China’s elite up to speed on exploitable flaws present in Chinese-made communications systems, wherever in the world that technology may be deployed.

It appears these rules ensure Beijing will be among the first to know of security weaknesses in equipment and software potentially present in foreign infrastructure and networks as well as domestic deployments. The rules were issued on Tuesday, come into effect on September 1, and apply to people and organizations operating within China. The following articles stuck out to us:

Though the rules are a little ambiguous in places, judging from the spirit of them, they throw a spanner in the works for Chinese researchers who work with, or hope to work with, zero-day vulnerability brokers. These sorts of regulations matter a lot: infosec experts in the Middle Kingdom earlier pulled out of exploit contests like Pwn2Own due to changes to the law within China.

“Chinese teams stopped participating in Pwn2Own after 2017 when there were regulatory changes that no longer allowed for participation in global exploit contests,” Brian Gorenc, head of ZDI and Pwn2Own at Trend Micro, told The Register on Wednesday.

It will also complicate matters for those hoping to engage with foreign bug bounty programs, which may or may not follow…

Source…

Anti-tracking, rowhammer problems and IoT vulns [Podcast] – Naked Security


How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer’s memory can paradoxically (and sneakily) let you write to another part. And yet more IoT bugs, this time a whole slew of them that go by the moniker “name:wreck”.

With Kimberly Truong, Doug Aamoth and Paul Ducklin.

Intro and outro music by Edith Mudge.

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.


WHERE TO FIND THE PODCAST ONLINE

You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Or just drop the URL of our RSS feed into your favourite podcatcher software.

If you have any questions that you’d like us to answer on the podcast, you can contact us at [email protected], or simply leave us a comment below.

Source…

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers

The flaws would leave the enterprise devices helpless to a range of remote threats, including the charms of the Reaper IoT botnet.
Threatpost | The first stop for security news