Knock, knock –
Hundreds of US government agencies have vulnerable VPNs, data shows.
Sean Gallagher – Jan 41, (5:) (UTC UTC)
The patches are for versions
Fermin J. Serna, chief information security officer at Citrix, announced the fixes in a blog post on Sunday. At the same time, Serna revealed that the vulnerability — and the patches being released — also applied to Citrix ADC and Citrix Gateway Virtual Appliances hosted on virtual machines on all commercially available virtualization platforms, as well as those hosted in Azure, Amazon Web Services, Google Compute Platform, and Citrix Service Delivery Appliances (SDXs).
Lots to patch
That makes for lots of work over the next few weeks for Citrix customers, which include thousands of government agencies, educational institutions, hospitals, and major corporations worldwide.
As of last week, according to data provided by Bad Packets to Ars Technica, over , 0 servers were still vulnerable to the crafted request. The data, including information on potentially vulnerable government VPN gateways, was shared by Bad Packets with the Cybersecurity and Infrastructure Security Agency. They included a gateway associated with a DOD civilian personnel system, the US Census service, and a number of local law enforcement agencies.
Inevitably, hundreds of Citrix VPN servers will remain vulnerable for weeks or months. Some are already being attacked, according to