Hello and welcome to the Wednesday, January 17th, 2024 edition of the Science and its Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Quick update on Yvante, we do certainly see some initial scanning in our honeypots. Again, our honeypots are not

specifically emulating this vulnerability. So what we're seeing are internet-wide scans,

meaning that if you are running a vulnerable instance, assume compromise at this point.

Well, Lexity, the company had originally detected,

the exploitation of the vulnerability,

says that they are now aware

based on their own scanning of 1,700 exploited devices.

Not to be outdone by Yvanti, our other favorite security grabware vendor Citrix has published an advisory with details regarding two vulnerabilities.

The first one is a denial of service vulnerability CVE 2023-6549.

The second one is an off-occation remote code execution vulnerability on the management interface, CVE

2023-6548.

That, again, is apparently already being exploited.

They also, again, recommend that the appliance's management interface should be

separated either physically or logically from normal network traffic. That should be really

understood for all of these type of devices, but apparently people aren't listening and there's

still thousands of them

connected directly to the internet. Patches have been made available by Citrix for all currently

supported versions of NetSkiller ADC and NetSkaler Gateway. Apparently, some older versions no longer

supported like the earlier versions of 12.1 are

vulnerable as well. One place where I have seen NetSkiller being deployed somewhat frequently

...