Tenable Blog

Following the release of exploit scripts for a critical flaw in Citrix Application Delivery Controller (ADC) and Gateway, attackers launch attacks against vulnerable hosts, while Citrix announces release date for patches

UPDATE 01/24/2020: This blog post has been updated to reflect the availability of patches released by Citrix.

Background

Attacks Increase After Exploit Scripts Released

UPDATE 01-30-2020: The Solution section has been updated to reflect that a direct check plugin to test for CVE-2020-0609, CVE-2020-0610 and CVE-2020-0612 has been released (Plugin ID 133306).

UPDATE 01-23-2020: Researcher ollypwn has released a proof of concept (PoC) titled BlueGate which leverages CVE-2020-0609 and CVE-2020-0610 for a potential Denial of Service (DoS) attack.

We’re excited to take vulnerability prioritization to the next level with the introduction of Tenable Lumin for Tenable.sc. 

So, your boss asked you to do a vulnerability assessment. You hardly remember anything about the topic from your security classes. Since it is about finding vulnerabilities in your infrastructure, it must be something like penetration testing…or is it?

Formally, vulnerability assessment is the process of identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures. It helps the organization doing the assessment understand the threats to its environment and react appropriately.

Recent rash of ransomware attacks are leveraging an eight-month-old flaw in a popular SSL VPN solution used by large organizations and governments around the world.