Vulnerabilities have been discovered in Citrix solutions, Netgear routers, and Zoho ManageEngine products that require immediate patching. One of the Citrix vulnerabilities is being actively exploited by an APT actor, and it is likely that attempts will be made to exploit the Netgear and Zoho flaws on unpatched devices.
Citrix Gateway and Citrix ADC Vulnerabilities Being Actively Exploited
In mid-December, organizations that use the Citrix Gateway remote access and/or Citrix ADC load balancing solutions were advised to urgently update to the latest software versions to fix two critical vulnerabilities, CVE-2022-27510 and CVE-2022-27518. Both the National Security Agency (NSA) and the Health Sector Cybersecurity Coordination Center (HC3) issued security alerts about the flaws. The latter, CVE-2022-27518, is known to have been exploited by a Chinese state-sponsored APT actor to achieve remote code execution on vulnerable appliances.
Despite the active exploitation, a concerning number of appliances remain vulnerable, most of them located in the United States, according to a recent Internet scan by Fox-IT. Because the flaw has been targeted for several weeks, any organization that has not yet upgraded should do so immediately. Upgrading alone does not evict an attacker who has already gained a foothold, so organizations should also hunt for signs of compromise using the guidance in the NSA and HC3 advisories.
Critical Zoho ManageEngine Vulnerability Requires Immediate Patching
Zoho is urging all users of its ManageEngine Password Manager Pro, PAM360, and Access Manager Plus solutions to update the software to the latest version as soon as possible to fix a critical SQL injection vulnerability. The vulnerability, CVE-2022-47523, could be exploited by an adversary to gain unauthenticated access to the backend database and execute custom queries.
The patches, which were released in late December, add input validation and escape special characters in the affected query path to prevent exploitation of the flaw. Users should upgrade to Password Manager Pro build 12210, PAM360 build 5801, and Access Manager Plus build 4309, or later.
ManageEngine vulnerabilities have previously been targeted by nation-state threat actors, with a 2021 vulnerability suspected of being exploited on Internet-facing servers by a Chinese APT actor, according to a security advisory from CISA and the FBI, so exploitation of the recently disclosed flaw can be expected. Around 11,000 servers are running the affected solutions and will be vulnerable if not updated to the latest versions.
High-Severity Vulnerability Identified in Netgear Routers
Netgear has issued a security advisory about a high-severity pre-authentication buffer overflow vulnerability affecting several models of its routers, which could be exploited by an adversary to trigger a denial-of-service condition. The vulnerability is tracked as PSV-2019-0104 (Netgear's own advisory identifier rather than a CVE) and has a CVSS v3 severity score of 7.4.
The vulnerability affects the company's RAX40, RAX35, R6400v2, R6700v3, R6900P, R7000P, R7000, R7960P, and R8000P routers. Users should update the firmware as soon as possible to prevent exploitation of the flaw. The minimum fixed firmware versions are:
- RAX40 + RAX35 – Version 1.0.2.60
- R6400v2 + R6700v3 – Version 1.0.4.122
- R6900P + R7000P – Version 1.3.3.152
- R7000 – Version 1.0.11.136
- R7960P + R8000P – Version 1.4.4.94
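The Zoho build numbers and Netgear firmware versions above are the minimum fixed levels, so an inventory check has to compare versions numerically per component rather than as strings. The following is an added example, not code from Zoho, Netgear, or HIPAA Journal: the fixed versions are copied from the advisories quoted in this post, while the product keys, function names, and the sample inventory (including the `V…_…` suffix form Netgear firmware reports) are assumptions constructed for illustration.

```python
"""Patch-level check for the Zoho ManageEngine builds and Netgear firmware
versions named in this post. Added example, not vendor code: the fixed
versions come from the advisories quoted above; product keys, function
names and the sample inventory are constructed for illustration."""

import re

# Minimum fixed versions as stated in the vendor advisories (from the post).
FIXED_VERSIONS = {
    "Password Manager Pro": "12210",
    "PAM360": "5801",
    "Access Manager Plus": "4309",
    "RAX40": "1.0.2.60",
    "RAX35": "1.0.2.60",
    "R6400v2": "1.0.4.122",
    "R6700v3": "1.0.4.122",
    "R6900P": "1.3.3.152",
    "R7000P": "1.3.3.152",
    "R7000": "1.0.11.136",
    "R7960P": "1.4.4.94",
    "R8000P": "1.4.4.94",
}


def parse_version(version):
    """Turn '1.0.11.136' or '12210' into a tuple of ints so that comparison
    is numeric per component. Plain string comparison would wrongly rank
    '1.0.4.98' above '1.0.4.122'. A leading 'V' and a '_<build>' suffix
    (assumed here as the form Netgear firmware reports) are dropped."""
    core = version.strip().lstrip("Vv").split("_")[0]
    parts = re.findall(r"\d+", core)
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(product, installed):
    """True if the installed version is at or above the fixed version."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no advisory data for {product!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[product])


def triage(inventory):
    """Return (product, host, installed) for every asset still below the fix."""
    return [(p, h, v) for p, h, v in inventory if not is_patched(p, v)]


# Constructed sample inventory: (product, host, installed version).
SAMPLE_INVENTORY = [
    ("Password Manager Pro", "pmp01.example.internal", "12200"),
    ("PAM360", "pam360.example.internal", "5801"),
    ("Access Manager Plus", "amp.example.internal", "4310"),
    ("R7000", "branch-rtr-1", "V1.0.11.126_10.2.100"),
    ("R6700v3", "branch-rtr-2", "V1.0.4.98_10.0.75"),
    ("R8000P", "branch-rtr-3", "1.4.4.94"),
]

if __name__ == "__main__":
    for product, host, version in triage(SAMPLE_INVENTORY):
        print(f"UNPATCHED {host}: {product} {version} < {FIXED_VERSIONS[product]}")
```

Run it against a real inventory export by replacing `SAMPLE_INVENTORY`; the one pitfall it guards against is the lexicographic comparison, where `"1.0.4.98" > "1.0.4.122"` is true and an unpatched R6700v3 would be silently reported as patched.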
The post Urgent Patching Required to Fix Critical Citrix, Netgear, and Zoho ManageEngine Vulnerabilities appeared first on HIPAA Journal.