cve - Cloud Computing Help

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508

May 30, 2022 by Stefanos Evangelou

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27507 and CVE-2022-27508 The following vulnerabilities have recently been discovered and announced by Citrix. CVE-2022-27507 Authenticated denial of service CWE-400: Uncontrolled Resource Consumption  VPN (Gateway) virtual server with DTLS, and either ‘HDX Insight for EDT traffic’ or ‘SmartControl’ is configured CVE-2022-27508 Unauthenticated denial of service … Read more

Windows DCOM hardening

May 23, 2022May 11, 2022 by Stefanos Evangelou

Introduction The Distributed Component Object Model (DCOM) Remote Protocol is a protocol for exposing application objects by way of remote procedure calls (RPCs). The protocol consists of a set of extensions layered on Microsoft Remote Procedure Call Protocol Extensions as specified in [MS-RPCE]. The DCOM Remote Protocol is also referred to as Object RPC or … Read more

Citrix ADC security vulnerabilities

November 15, 2021 by Stefanos Evangelou

Citrix ADC security vulnerabilities description A new security vulnerability with ID CVE-2021-22955 (Unauthenticated denial of service) has been discovered in Citrix ADC, which affects the following Citrix products and firmware versions: Citrix ADC and Citrix Gateway 13.0 before 13.0-83.27 Citrix ADC and Citrix Gateway 12.1 before 12.1-63.22 Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.23 Citrix ADC 12.1-FIPS before 12.1-55.257 Also a new security vulnerability with … Read more

Citrix announced VAD security vulnerabilities

June 4, 2021November 10, 2020 by Stefanos Evangelou

Citrix Virtual Apps and Desktops Deployment and Adoption Resource Center

Case Citrix announced on November 10th 2020 the following vulnerabilities. CVE ID Description Vulnerability Type Pre-conditions CVE-2020-8269 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM CWE-269: Improper Privilege Management The attacker must be an authenticated user on the Windows VDA with write access to the C:\ directory CVE-2020-8270 An unprivileged Windows user on the VDA or a SMB user can perform arbitrary command execution as SYSTEM CWE-78: Improper Neutralization of Special … Read more

Citrix Security Vulnerability CVE-2019-19781

January 14, 2020 by Stefanos Evangelou

The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway … Read more