Vulnerabilities requiring prompt patching have been disclosed in Citrix ADC and Citrix Gateway, Zoho ManageEngine products, and Netgear routers. An APT actor is actively exploiting one of the Citrix vulnerabilities, and attempts to exploit the Netgear and Zoho flaws on unpatched devices are likely to follow.
Active Exploitation of Citrix ADC and Citrix Gateway Vulnerabilities
In mid-December, organizations using the Citrix ADC load balancer and/or Citrix Gateway remote access solutions were urged to upgrade promptly to the latest software versions to fix two critical vulnerabilities, CVE-2022-27518 and CVE-2022-27510. The National Security Agency (NSA) and the Health Sector Cybersecurity Coordination Center (HC3) issued security alerts about the vulnerabilities. A Chinese APT actor is known to be exploiting one of them to execute code remotely on vulnerable servers.
According to a recent scan by Fox-IT, many servers remain vulnerable despite the active exploitation, the majority of them in the U.S. One of the vulnerabilities has now been actively targeted for several weeks, so any organization that has not yet applied the latest version should do so immediately and should also check for signs of compromise, since patching does not undo an intrusion that has already taken place. The NSA and HC3 have both published security advisories on the vulnerabilities.
Immediate Patching Required for Critical Zoho ManageEngine Vulnerability
Zoho is urging all customers of its ManageEngine Password Manager Pro, PAM360, and Access Manager Plus solutions to update to the latest version of the software immediately to fix a critical SQL injection vulnerability. CVE-2022-47523 can be exploited by an attacker to gain unauthenticated access to the backend database and execute custom queries.
The patches, released at the end of December, add proper validation and escaping of special characters to prevent exploitation. Users should update to Password Manager Pro v12210, PAM360 v5801, and Access Manager Plus v4309.
ManageEngine vulnerabilities have previously been exploited by nation-state threat actors. A Chinese APT actor is believed to have exploited a 2021 vulnerability on Internet-facing servers, as noted in a joint security alert from CISA and the FBI, so exploitation of the newly disclosed vulnerability should be anticipated. Approximately 11,000 servers run the affected products and will remain vulnerable until they are updated to the latest versions.
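Zoho has not published the flawed code, so the following is an added, constructed illustration of the vulnerability class and of the fix described above; it is not ManageEngine code. It shows a lookup built by string concatenation that a UNION payload turns into a dump of a second table, a variant that binds the value as a parameter, and a hardened version that validates the input and then binds it. The schema, table and column names, sample rows, and the payload are all assumptions made for the demo.

```python
import sqlite3

# Constructed schema and rows for the demo (assumption: not ManageEngine's data model).
SCHEMA = """
CREATE TABLE resources (id INTEGER PRIMARY KEY, name TEXT NOT NULL, owner TEXT NOT NULL);
CREATE TABLE secrets   (id INTEGER PRIMARY KEY, resource_id INTEGER NOT NULL, password TEXT NOT NULL);
INSERT INTO resources VALUES (1, 'db-prod', 'dba');
INSERT INTO resources VALUES (2, 'web-01',  'ops');
INSERT INTO secrets   VALUES (1, 1, 'S3cret-Prod');
INSERT INTO secrets   VALUES (2, 2, 'Hunter2');
"""

# Constructed injection payload: closes the string literal, appends a UNION
# that reads the secrets table, and comments out the original closing quote.
PAYLOAD = "' UNION SELECT id, password, resource_id FROM secrets --"


def make_db():
    """Return an in-memory SQLite database populated with the demo rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def find_resource_vulnerable(conn, name):
    """Caller-controlled text is spliced into the SQL text: the injection sink."""
    sql = f"SELECT id, name, owner FROM resources WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_resource_param_only(conn, name):
    """Bound parameter: the driver sends the value separately from the SQL text,
    so quotes and keywords inside it can never change the statement."""
    sql = "SELECT id, name, owner FROM resources WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def is_valid_resource_name(name, max_len=64):
    """Allow-list check: non-empty, bounded length, only [A-Za-z0-9._-]."""
    return 0 < len(name) <= max_len and all(c.isalnum() or c in "-_." for c in name)


def find_resource_fixed(conn, name):
    """Defence in depth: validate the input first, then bind it as a parameter."""
    if not is_valid_resource_name(name):
        raise ValueError("invalid resource name")
    return find_resource_param_only(conn, name)


def demo():
    """Run the three variants against the payload and against a legitimate name."""
    conn = make_db()
    leaked = sorted(find_resource_vulnerable(conn, PAYLOAD))   # secrets rows come back
    unchanged = find_resource_param_only(conn, PAYLOAD)        # payload matches no row
    legit = find_resource_fixed(conn, "db-prod")               # normal lookup still works
    try:
        find_resource_fixed(conn, PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True                                        # payload never reaches SQL
    return {"leaked": leaked, "param_only": unchanged, "legit": legit, "rejected": rejected}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable variant returns every row of the secrets table for an unauthenticated caller; the parameter-only variant returns nothing, because the payload is compared as a literal name rather than parsed as SQL. The validation step that the advisory describes is worthwhile as defence in depth, but binding the value is what removes the injection entirely.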
High-Severity Vulnerability Discovered in Netgear Routers
Netgear has issued a security advisory about a high-severity pre-authentication buffer overflow vulnerability affecting many of its router models, which can be exploited by an attacker to cause a denial-of-service condition. The vulnerability is tracked as PSV-2019-0104 and has a CVSS v3 severity score of 7.4.
The vulnerability affects the RAX35, RAX40, R6400v2, R6700v3, R6900P, R7000, R7000P, R7960P, and R8000P routers. Users should update the firmware immediately to prevent exploitation. The fixed firmware versions are as follows:
- R6400v2 + R6700v3 – Version 22.214.171.124
- RAX40 + RAX35 – Version 126.96.36.199
- R6900P + R7000P – Version 188.8.131.52
- R7000 – Version 184.108.40.206
- R7960P + R8000P – Version 220.127.116.11