Citrix Archives - Securezoo

Citrix addresses 4 Hypervisor vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 15, 2022 January 15, 2022

Citrix has issued a security update for Citrix Hypervisor vulnerabilities, that may each allow privileged code in a guest VM to cause the host to crash or become unresponsive.

Tags: Citrix, Hypervisor, XenServer

Citrix addresses vulnerability (CVE-2022-21825) in Workspace App for Linux

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 11, 2022 January 11, 2022

Citrix has addressed a vulnerability in Workspace App for Linux that could result in elevation of privileges as root.

Tags: Citrix, CVE-2022-21825, Workspace

Citrix addresses Critical DoS vulnerability in ADC and Citrix Gateway products

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 11, 2021 November 11, 2021

Citrix has addressed a Critical unauthenticated denial of service (DoS) vulnerability CVE-2021-22955 in ADC and Citrix Gateway products.

Tags: AAA virtual server, ADC, Citrix, CVE-2021-22955, Gateway, SD-WAN, VPN, WANOP

Citrix Hypervisor security updates

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 10, 2021 September 11, 2021

Citrix has issued a security update for Citrix Hypervisor vulnerabilities, that may collectively allow an attacker to launch privileged code in a guest VM to compromise or crash the host.

Tags: Citrix, CVE-2021-28694, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28701, Hypervisor

Top 30 most commonly exploited vulnerabilities over 2020 and 2021

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / July 29, 2021 August 6, 2021

Cybersecurity experts from Australia, U.K., and U.S. governments have released a list of the most commonly exploited vulnerabilities over 2020 and 2021.

Tags: Atlassian, BIG-IP, Citrix, CVE 2018-13379, CVE 2019-11510, CVE 2019-18935, CVE 2020-15505, CVE 2020-5902, CVE-2017-11882, CVE-2018-13379, CVE-2018-7600, CVE-2019-0604, CVE-2019-11580, CVE-2019-19781, CVE-2019-5591, CVE-2020-0787, CVE-2020-12812, CVE-2020-1472, CVE-2021-21985, CVE-2021-22894, CVE-2021-22899, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, Drupal, F5, Fortinet, MobileIron, Netlogon, Office, Pulse, Zerologon

Citrix patches privileged escalation vulnerability in Virtual Apps and Desktops

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 17, 2021 July 17, 2021

Citrix has patched a vulnerability (CVE-2021-22928) in Virtual Apps and Desktops that could result in privilege escalation on a Windows Virtual Delivery Agent (VDA).

Tags: Citrix, CVE-2021-2292, VDA, Virtual Apps and Desktops, Windows

Citrix fixes 3 Hypervisor vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 31, 2021 March 31, 2021

Citrix has released patches for Citrix Hypervisor that address two vulnerabilities. If exploited, an attacker could exploit privileged code in a guest VM and cause the host to crash or become unresponsive.

Tags: Citrix, CVE-2020-35498, CVE-2021-28038, CVE-2021-28688, Hypervisor, LTSR

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / October 10, 2020 October 10, 2020

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.

Tags: BIG-IP, CISA, Citrix, CVE-2018-13379, CVE-2019-11510, CVE-2019-19781, CVE-2020-1472, CVE-2020-15505, CVE-2020-2021, CVE-2020-5902, F5, FortiGuard, FortiOS, MobileIron, Netscaler, Palo Alto Networks, Pulse Secure, Zerologon

Chinese threat actors targeting U.S. government agencies and these 4 CVEs

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / September 15, 2020 October 10, 2020

Chinese Ministry of State Security (MSS)-affiliated cyber threat actors are targeting U.S. government agencies, as well as exploiting four popular vulnerabilities over the past 12 months.

Tags: BIG-IP, Citrix, CVE-2019-11510, CVE-2019-19781, CVE-2020-0688, CVE-2020-5902, DHS, Exchange, F5, Microsoft, MSS, Pulse Secure, VPN

Patch these 10 most commonly exploited vulnerabilities

Cybersecurity Articles, Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 20, 2020 May 20, 2020

U.S. government cybersecurity experts are providing guidance on the “top 10” most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.

Tags: Apache, Citrix, CVE-2012-0158, CVE-2015-1641, CVE-2017-0143, CVE-2017-0199, CVE-2017-11882, CVE-2017-5638, CVE-2017-8759, CVE-2018-4878, CVE-2018-7600, CVE-2019-0604, CVE-2019-11510, CVE-2019-19781, Drupalgeddon2, Flash, Gafgyt, JexBoss, Kitty, LinkedIn, LokiBot, Mirai, Pulse Secure, ROKRAT, SMBGhost, Struts, Zyklon