How did you reproduce locally? From where did you get a copy of Citrix SSL VPN?
Based upon his previous talks, maybe Amazon Marketplace? His "Infiltrating Corporate Intranet Like NSA" from Black Hat is great.
Also, the mitigation (if "/vpns/" and "/../" are present in the URL) seems kind of weak. Is it not possible to bypass with something like /vpn/..\vpns/? I don't have a patched version to test on.
https://support.citrix.com/article/CTX267679 … gives some hints on the exploit
@craigtweets @GossiTheDog article states that only management IPs (NSIPs) are vulnerable. Citrix recommendation is to configure NSIP to "non-routable IP on your organization's LAN". Can you confirm only improperly configured ADCs with public-facing NSIPs are vulnerable?
If this is true tens of thousands of orgs have misconfigured it

