The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Urgent Patching Required to Fix Critical Citrix, Netgear, and Zoho ManageEngine Vulnerabilities

Vulnerabilities have been discovered in Citrix solutions, Netgear routers, and Zoho ManageEngine products that require immediate patching. One of the Citrix vulnerabilities is being actively exploited by an APT actor, and it is likely that attempts will be made to exploit the Netgear and Zoho flaws on unpatched devices.

Citrix Gateway and Citrix ADC Vulnerabilities Being Actively Exploited

In mid-December, organizations that use the Citrix Gateway remote access and/or Citrix ADC load balancing solutions were advised to urgently update to the latest software versions to fix two critical vulnerabilities, CVE-2022-27510 and CVE-2022-27518. Both the National Security Agency (NSA) and the Health Sector Cybersecurity Coordination Center (HC3) issued security alerts about the flaws, one of which is known to have been exploited by a Chinese APT actor to achieve remote code execution on vulnerable servers.

Despite active exploitation, a concerning number of servers remain vulnerable to the flaw, most of which are located in the United States, according to a recent scan by Fox-IT. Since at least one of the vulnerabilities has been actively targeted for several weeks, any organizations that have not yet upgraded to the latest version should do so immediately and also check for potential compromise, per the NSA and HC3 security advisories.

Critical Zoho ManageEngine Vulnerability Requires Immediate Patching

Zoho is urging all users of its ManageEngine Password Manager Pro, PAM360, and Access Manager Plus solutions to update the software to the latest version as soon as possible to fix a critical SQL injection vulnerability. The vulnerability, CVE-2022-47523, could be exploited by an adversary to gain unauthenticated access to the backend database and execute custom queries.


The patches, which were released in late December, add proper input validation and escape special characters to prevent exploitation of the flaw. Users should upgrade to Password Manager Pro v12210, PAM360 v5801, and Access Manager Plus v4309.

ManageEngine vulnerabilities have previously been targeted by nation-state threat actors, with a 2021 vulnerability suspected of being exploited on Internet-facing servers by a Chinese APT actor, according to a security advisory from CISA and the FBI, so exploitation of the recently disclosed flaw can be expected. Around 11,000 servers are running the affected solutions and will be vulnerable if not updated to the latest versions.

High-Severity Vulnerability Identified in Netgear Routers

Netgear has issued a security advisory about a high-severity pre-authentication buffer overflow vulnerability affecting several models of its routers, which could be exploited by an adversary to trigger a denial-of-service condition. The vulnerability is tracked as PSV-2019-0104 and has a CVSS v3 severity score of 7.4.

The vulnerability affects the company’s RAX40, RAX35, R6400v2, R6400v3, R6900P, R7000P, R7000, R7960P, and R8000P routers. Users should update the firmware as soon as possible to prevent exploitation of the flaw. The updated firmware versions are:

  • RAX40 + RAX35 – Version 1.0.2.60
  • R6400v2 + R6700v3 – Version 1.0.4.122
  • R6900P + R7000P – Version 1.3.3.152
  • R7000 – Version 1.0.11.136
  • R7960P + R8000P – Version 1.4.4.94

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
