Hello, welcome to the Wednesday, July 8, 2020 edition of the Sansonet Storms on as Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

So today I was kind of hoping we could wrap up the F5 Big IP vulnerability issue.

After all, we do have to work around for a week now.

We do have patches available.

And, well, the exploitation traffic we have seen is still there.

It's still ongoing.

But if anything, slowing down a little bit.

And earlier today, I did the special webcast talking about how this exploit works and

how the workaround such blocks it.

Well, it turns out there is a different version of this exploit out there.

The NCC group tweeted about this just earlier today

that they found a different exploit method being used

to gain again code execution on F5 big IP devices.

And again, this is something they have seen being used in the wild, and it's not

blocked by the simple workaround that F5 published that basically just blocks the dot-dot

in the URL. We'll see how this will develop, but looks like that you still need to patch quickly,

and definitely please make sure that you isolate the admin interface from the public.

But since these last couple weeks, all the Citrix ADC admin sort of laid back and watched the F5 Big IP admins sweat.

Well, today Citrix came up with updates for Citrix ADC and Citrix Gateway, fixing 11 different

vulnerabilities. Nothing here outrageously bad. There is one kind of interesting

vulnerability CVE 2020, 8194. It does allow code injection as an unauthenticated user,

...