The free Citrix ADC Zero-Day Scanner tool helps discover servers vulnerable to CVE-2023-3519

by time news

2023-08-17 01:49:03

Citrix's NetScaler application delivery controller (ADC) was recently found to have a zero-day vulnerability that allowed malicious actors to carry out remote code execution.

The zero-day vulnerability was found to be exploited in the wild and was assigned the ID CVE-2023-3519 and a severity rating of 9.8 (critical). Citrix provided fixes to address the vulnerability, but there was no way to determine whether or not a particular Citrix device had already been compromised.

A new report, based on a recent investigation, claims that more than 1900 NetScalers have been found to still be infected with a backdoor.

Mandiant has released a tool to help enterprise defenders determine whether their Citrix network devices have been hacked, because thousands of Internet-accessible Citrix network appliances are still unpatched against this major vulnerability.

The IoC Scanner can be used on the following supported versions: Citrix ADC and Citrix Gateway 13.1, 13.0, 12.1 and 12.0.

On July 18, Citrix released a patch for the critical zero-day vulnerability (CVE-2023-3519) in its NetScaler application delivery controller and gateway products, and recommended that organizations using the vulnerable products apply the fix immediately. The vulnerability could be exploited to achieve unauthenticated remote code execution. It is already being aggressively exploited by various threat groups, which establish web shells within corporate networks and have carried out hundreds of attacks.

According to the researchers' findings, close to 7,000 instances are still exposed on the Internet. About 460 of them had web shells installed, most likely as a result of being compromised.

The tool, which is available on GitHub, was developed by Mandiant and can check the file system paths of known malware, look for post-exploitation activity in shell history, and more. The standalone Bash script can be run directly on a Citrix ADC appliance to look for known indicators in files, processes, and ports. (The utility must be run on the live device while logged in as root.) According to Mandiant, it can also examine a forensic image that has been staged for use in an investigation.

The tool performs a range of checks, scanning for:

File system paths that could be malware
Shell history for suspicious commands
NetScaler directories and files matching IOCs
Suspicious file permissions or ownership
Crontab entries
Malicious processes running on the system

This solution, created in partnership between Citrix and Mandiant, has the sole purpose of helping organizations identify compromised systems and search for evidence of compromise.

According to Mandiant, the IoC Scanner makes a "best effort" to detect signs of compromise; however, it may not locate every infected device, and it does not determine whether a device is susceptible to exploitation. As the company puts it, "this tool is not guaranteed to find all evidence of compromise or all evidence of compromise related to CVE 2023-3519."

He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He has also worked for security companies such as Kaspersky Lab. His daily work includes investigating new malware and cybersecurity incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.
