
Hackers are taking advantage of Citrix vulnerabilities

Hackers discovered targeting corporate networks impacted by Citrix vulnerabilities

Savvy hackers have been crawling the web in an attempt to target corporate networks impacted by the recently disclosed vulnerabilities in Citrix systems.

Earlier this month, Citrix announced it had discovered multiple vulnerabilities in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Shortly after the announcement was made, hackers attempted to exploit the vulnerabilities to gain access to Citrix’s application delivery controller systems. To do so, they exploited CVE-2020-8195 and CVE-2020-8196 in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP.

Johannes Ullrich, head of research at the SANS Technology Institute, used a honeypot setup to track hackers taking advantage of the Citrix vulnerabilities.

“As of today, my F5 honeypot is getting hit by attempts to exploit two of the Citrix vulnerabilities disclosed this week,” Ullrich said in a post published by the SANS Technology Institute.

“It is not clear exactly which CVE was assigned to which vulnerability, but the possible candidates are CVE-2020-8195, CVE-2020-8196,” he continued.

According to Ullrich, hackers used the vulnerabilities for arbitrary file downloads and to retrieve PCI-DSS reports from Citrix.

Citrix has since patched the vulnerabilities identified in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP, including CVE-2020-8195 and CVE-2020-8196.

Citrix CISO Fermin J. Serna explained, however: “We are limiting the public disclosure of many of the technical details of the vulnerabilities and the patches to further protect our customers. Across the industry, today’s sophisticated malicious actors are using the details and patches to reverse engineer exploits.

“As such, we are taking steps to advise and help our customers but also do what we can to shield intelligence from malicious actors.”

Several hackers have attempted to target and exploit Citrix ADC in the past few months. In March, reports revealed the state-sponsored APT41 group targeted Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products to attack 75 customers between Jan. 20 and March 11.

Finastra experienced a ransomware attack targeting its Citrix ADC servers in March, exploiting the CVE-2019-1978 vulnerability as a potential attack vector.
