mekhalleh (3)

Last Login: April 23, 2024
Assessments
1
Score
3

mekhalleh's Latest (1) Contributions

Sort by:
Filter by:
2
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Common in enterpriseUnauthenticatedDifficult to weaponize
Technical Analysis

Full details are here : https://dmaasland.github.io/posts/citrix.html

Public reporting on July 8th, 2020 by Donny Maasland discussed how the vulnerability could be exploited.

As of July 10th, RIFT has confirmed that this vulnerability can be used to extract valid VPN sessions from a vulnerable instance (cf. https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vulnerabilities-cve-2020-8193-cve-2020-8195-and-cve-2020-8196-intelligence/amp/).

I write quicly a metasploit auxilary scanner and tested on netscaler 12.1 build 57.18 (https://github.com/Zeop-CyberSec/citrix_adc_netscaler_lfi)