Thousands of Citrix Servers Exposed to Zero-Day Bug

From infosecurity-magazine.com

Over 15,000 Citrix servers worldwide are at risk of compromise unless administrators patch urgently, a leading security non-profit has warned.

The Shadowserver Foundation trawls the internet for data on malicious activity. It revealed in a Twitter post on Friday that, of the impacted servers, the largest number were based in the US (5700) followed by Germany (1500), the UK (1000) and Australia (582).

Read more on Citrix vulnerabilities: Citrix Admins Urged to Act as PoC Exploits Surface

“This assessment is version based – that is we tag all IPs where we see a version hash in a Citrix instance. This is due to the fact that Citrix has removed version hash information in recent revisions, including the latest update with the fix,” the non-profit explained in a longer note on its website.

“It is thus safe to assume in our view that all instances that still provide version hashes have not been updated and thus, providing no mitigation is in place, remain vulnerable. In addition, we have also added tagged as vulnerable instances that return a ‘Last Modified’ headers with a date before July 1, 2023 00:00:00Z. Make sure to update.”

Read more…