Citrix limits technical info on vulnerabilities and patches after exploits

By

Fears reverse engineering.

Enterprise application and desktop virtualisation vendor Citrix will not provide full technical details of vulnerabilities discovered in the company's products, or the patches for these, in an effort to limit the development of exploits.

Citrix limits technical info on vulnerabilities and patches after exploits

Citrix chief security officer Fermin Serna said the move was designed to shield intelligence from malicious actors.

"Across the industry, today's sophisticated malicious actors are using the details and patches to reverse engineer exploits," Serna said.

Earlier this year, Citrix Application Delivery Controller or Netscaler servers were subject to large-scale exploitation attempts that used the CVE-2019-19781 to gain access to the devices to run cryptomining malware.

It is believed that attackers also used the CVE-2019-19781 vulnerability against Toll Group and Fisher and Paykel Appliances to plant the Nefilim ransomware, shutting down the organisations' IT systems in the proicess.

Serna also provided additional information on a set of 11 vulnerabilities in the Citrix ADC, Gateway and SD-WAN WANOP products, and stressed that they were not related to CVE-2019-19781.

Although some of the vulnerabilities could result in a system compromise, Ferna pointed out that five of them have barriers to attacks that reduce the risk of exploitation.

There are no known exploits in the wild for the new set of vulnerabilities.

Despite the barriers to exploitation, Serna strongly recommended that Citrix customers apply the security patches.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

Log In

  |  Forgot your password?