16 Nov / 2022
Cyber Security
CVE: CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516
On November 8 Citrix published a security bulletin announcing fixes for 3 vulnerabilities in their Citrix ADC products. CVE-2022-27510 is an authentication bypass weakness allowing unauthenticated user access to the system and has a CVSS severity of 9.8/10. Citrix Gateways are high-value targets because of the function they serve providing access to the inside of your network and are exploited very quickly so organisations operating an impacted product should update these systems immediately.
These vulnerabilities affect Citrix ADC and Citrix Gateway Appliances when they are configured as: SSL VPN, ICA Proxy, RDP Proxy, CVPN and AAA Virtual Server. Citrix-managed cloud services are unaffected.
Please reach out to us via our contact us page if you are concerned.
The Perfect 10 - Remote Code Execution in Apache Log4j Requiring Emergency Patching
CVE: CVE-2021-44228 CVSS Score: 10 (Critical)What Is Vulnerable?: Apache Log4j Version 2.15-rc1 or prior. (All version prior to 2.15-rc1 are vu…
Read MoreThe Cythera Approach To Incident Response
We’re increasingly assisting more organisations respond to security incidents and breaches, in every industry vertical. If you need some point…
Read MoreAdversary Simulation: Aka. Red Teaming - Moving Beyond Penetration Testing
Cythera are often approached by clients looking for Red Team services, social engineering and similar attacks which emulate real-world attackers…
Read More