Well-known British cybersecurity researcher and risk analyst Kevin Beaumont colorfully compared the flaw to “Kanye West returning to Twitter,” the same old chaos, but louder.
Citrix released patches on June 17 for versions 14.1, 13.1, and the equivalent FIPS/NDcPP builds. Versions 12.1 and 13.0 are end-of-life (EOL) and receive no fix, so customers running them must upgrade to a supported, patched build.
Indications of real-world exploitation
ReliaQuest researchers said that, in several incidents, attackers were seen hijacking active Citrix web sessions and bypassing multi-factor authentication (MFA) without needing user credentials: a stolen session token is already authenticated, so no password or MFA prompt is ever triggered. The research also highlighted “session reuse across multiple IPs, including combinations of expected and suspicious IPs.”
In compromised environments, attackers proceeded with post-authentication reconnaissance, issuing Lightweight Directory Access Protocol (LDAP) queries and running tools such as ADExplorer64.exe to map out Active Directory structures.
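The “session reuse across multiple IPs” indicator above is straightforward to hunt for once session-to-client-IP records are available. The following is an added example written for this page, not code from ReliaQuest, Citrix, or the article's author: it groups constructed session records by session ID, flags any session seen from more than one client address, and rates a session as "mixed" when the addresses combine an expected corporate range with an unexpected one, which is the pattern the researchers described. The log field layout (timestamp|session id|user|client ip) and the corporate ranges in EXPECTED_RANGES are assumptions; a real deployment would parse its own NetScaler session logs and load its own egress ranges.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Assumed corporate egress ranges (office NAT, VPN pools). Replace with your own.
EXPECTED_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed sample records, not real NetScaler output.
# Assumed layout: timestamp|session id|user|client ip
SAMPLE_LOG = """\
2025-06-25T08:01:10Z|sess-a1|alice|203.0.113.40
2025-06-25T08:03:55Z|sess-a1|alice|203.0.113.40
2025-06-25T08:05:02Z|sess-a1|alice|192.0.2.77
2025-06-25T08:07:30Z|sess-b2|bob|198.51.100.12
2025-06-25T08:09:41Z|sess-b2|bob|198.51.100.12
2025-06-25T08:12:03Z|sess-c3|carol|192.0.2.15
2025-06-25T08:12:58Z|sess-c3|carol|192.0.2.99
"""


@dataclass
class SessionEvent:
    ts: datetime
    session_id: str
    user: str
    src_ip: str


def parse_events(text: str) -> list[SessionEvent]:
    """Parse the assumed pipe-delimited layout into SessionEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, user, ip = line.split("|")
        events.append(
            SessionEvent(datetime.fromisoformat(ts.replace("Z", "+00:00")), sid, user, ip)
        )
    return events


def is_expected(ip: str) -> bool:
    """True if the client address falls inside one of the assumed corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXPECTED_RANGES)


def find_shared_sessions(events: list[SessionEvent]) -> dict[str, dict]:
    """Return {session_id: finding} for every session seen from more than one client IP.

    severity is "mixed" when the IPs combine an expected range with an unexpected
    one (an established session continuing from an attacker address), otherwise
    "multi-ip" (still worth review, e.g. all-foreign addresses or a roaming user).
    """
    ips_by_session: dict[str, set[str]] = defaultdict(set)
    user_by_session: dict[str, str] = {}
    for ev in events:
        ips_by_session[ev.session_id].add(ev.src_ip)
        user_by_session[ev.session_id] = ev.user

    findings = {}
    for sid, ips in ips_by_session.items():
        if len(ips) < 2:
            continue  # a single client address is the normal case
        expected = {ip for ip in ips if is_expected(ip)}
        unexpected = ips - expected
        severity = "mixed" if expected and unexpected else "multi-ip"
        findings[sid] = {
            "user": user_by_session[sid],
            "ips": sorted(ips),
            "severity": severity,
        }
    return findings


if __name__ == "__main__":
    for sid, f in find_shared_sessions(parse_events(SAMPLE_LOG)).items():
        print(f"{sid} user={f['user']} severity={f['severity']} ips={','.join(f['ips'])}")
```

On the constructed input, sess-a1 is flagged "mixed" (alice's session continues from 192.0.2.77 after starting inside the corporate range) and sess-c3 "multi-ip", while bob's single-address session is ignored. A hijacked session will also lack a fresh authentication and MFA event of its own, so correlating these findings against the authentication log for the same session ID is the natural next step.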