CISA pushes federal agencies to patch Citrix RCE within a week

January 18, 2024

Bleeping Computer reports:

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week.

The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack vectors for malicious cyber actors” that pose “significant risks to the federal enterprise.”

Citrix urged customers on Tuesday to immediately patch Internet-exposed NetScaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the NetScaler management interface that could be exploited for remote code execution and denial-of-service attacks, respectively.

Read more at Bleeping Computer.