Citrix released an update covering multiple vulnerabilities in Citrix Endpoint Management (CEM) also referred to as XenMobile. Chaining the vulnerabilities allows an unauthenticated remote attacker to gain control over the Citrix Endpoint Management (CEM) server.
The vulnerabilities can be tracked as CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212.
The vulnerability impacts vary between the specific version of the software that is used and to exploit the vulnerability no authorization was needed.
An unauthenticated attacker can exploit the vulnerability by using a specially crafted URL that allows gaining access for sensitive data such as configuration files and encryption keys.
Following versions of Citrix Endpoint Management(CEM) affected with critical severity vulnerabilities
Following are the versions affected by medium and low severity vulnerabilities
“We recommend these upgrades be made immediately. While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit.”
Citrix said that the cloud version of XenMobile is already patched, “but hybrid rights users need to apply the upgrades to any on-premises instance.”
Hackers Actively Scanning & Constantly Attempt To Exploit Citrix ADC Vulnerabilities
Critical Bugs with Citrix Allow Unauthenticated Code Injection, Privilege Escalation DoS & Data Theft
- Packet Fingerprinting with Wireshark and Detecting NMap Scans cvv sites, cvv store
- Кандидат в президенты США рассказал о своем хакерском прошлом cvvstore, valid cc shop
- Ransomware Attacks Targeting Unpatched EOL SonicWall SMA 100 VPN Appliances buy cvv, feshop cc
- European Banking Authority victim in Microsoft Exchange Server hack dump shop, buying cvv
- Starting an InfoSec Career – The Megamix – Chapter 6 cvv dump, credit card dumps
Recent CommentsNo comments to show.