21 C
Jaipur
Tuesday, October 27, 2020

Citrix Warns That Hackers May Exploit the New Patched Flaw Quickly

Must read

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

Uniqlo: Japanese apparel retailer Uniqlo forays into Indian online market – Latest News

Japanese global apparel retailer UNIQLO on Tuesday said it has forayed into the Indian online market. The company has introduced 'Shop From Home' service...

waymo: Waymo, Daimler partner to make self-driving trucks – Latest News

Alphabet Inc's autonomous driving technology development unit, Waymo, and a division of Germany's luxury carmaker Daimler AG have teamed up to make heavy-duty, self-driving...

Citrix released an update covering multiple vulnerabilities in Citrix Endpoint Management (CEM) also referred to as XenMobile. Chaining the vulnerabilities allows an unauthenticated remote attacker to gain control over the Citrix Endpoint Management (CEM) server.

The vulnerabilities can be tracked as CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212.

Citrix Version Affected

The vulnerability impacts vary between the specific version of the software that is used and to exploit the vulnerability no authorization was needed.

An unauthenticated attacker can exploit the vulnerability by using a specially crafted URL that allows gaining access for sensitive data such as configuration files and encryption keys.

Following versions of Citrix Endpoint Management(CEM) affected with critical severity vulnerabilities

  • XenMobile Server 10.12 before RP2
  • XenMobile Server 10.11 before RP4
  • XenMobile Server 10.10 before RP6
  • XenMobile Server before 10.9 RP5

Following are the versions affected by medium and low severity vulnerabilities

  • XenMobile Server 10.12 before RP3
  • XenMobile Server 10.11 before RP6
  • XenMobile Server 10.10 before RP6
  • XenMobile Server before 10.9 RP5

Citrix recommends users with versions 10.9, 10.10, 10.11, and 10.12 to apply for the latest rolling patches and version prior to 10.9.x are recommended to upgrade with the supported version.

“We recommend these upgrades be made immediately. While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit.”

Citrix said that the cloud version of XenMobile is already patched, “but hybrid rights users need to apply the upgrades to any on-premises instance.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read:

Hackers Actively Scanning & Constantly Attempt To Exploit Citrix ADC Vulnerabilities

Critical Bugs with Citrix Allow Unauthenticated Code Injection, Privilege Escalation DoS & Data Theft

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

Uniqlo: Japanese apparel retailer Uniqlo forays into Indian online market – Latest News

Japanese global apparel retailer UNIQLO on Tuesday said it has forayed into the Indian online market. The company has introduced 'Shop From Home' service...

waymo: Waymo, Daimler partner to make self-driving trucks – Latest News

Alphabet Inc's autonomous driving technology development unit, Waymo, and a division of Germany's luxury carmaker Daimler AG have teamed up to make heavy-duty, self-driving...