Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

Nov

November TRU Intelligence Briefing

Nov

CIO & CISO Strategy Meeting Boston

Nov

HFTC Q4 Dinner Conference

Nov

SkyHigh Cook Out

Dec

TechTalk Soho House Dinner, Chicago

View Calendar →

LATEST PRESS RELEASE

Aug 09, 2024

eSentire Expands Partnership with TD SYNNEX to Bring eSentire’s Award-Winning, 24/7 MDR and SOC Services to Organizations Across North America

Waterloo, Ontario, August 12, 2024 — eSentire, a leading global Managed Detection and Response (MDR) provider, today announced it has expanded its partnership with TD SYNNEX, a leading global distributor and solutions aggregator for the IT ecosystem. eSentire’s all-in-one, 24/7…

View Newsroom →

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On November 12th, Citrix disclosed two separate vulnerabilities identified in Citrix Session Recording, which impacted multiple versions of Citrix Virtual Apps and Desktops. According to Citrix, the vulnerabilities, tracked as CVE-2024-8068 (CVSS: 5.1) and CVE-2024-8069 (CVSS: 5.1), allow for privilege escalation and Remote Code Execution (RCE) by previously authenticated threat actors.

The vulnerabilities were discovered and reported to Citrix by WatchTowr. Researchers at WatchTowr have publicly disputed the description and criticality rating of the vulnerabilities. They claim that the vulnerabilities can be exploited by unauthenticated threat actors to execute code on the underlying Windows server hosting the Citrix applications, making them high value for initial access into victim organizations. In response to the public disclosure, WatchTowr released technical details and public Proof-of-Concept (PoC) exploit code.

eSentire has not observed exploitation at this time, but there are public reports of exploitation attempts beginning on November 12th. The eSentire Threat Intelligence team assesses that it is almost certain that available PoC exploit code will be employed by threat actors in the immediate future to exploit these vulnerabilities.

What we’re doing about it

eSentire’s Tactical Threat Response (TTR) team has created new detections for both eSentire MDR for Network and Endpoint
eSentire Managed Vulnerability Service (MVS) will add the relevant plugins as they become available
The eSentire Threat Intelligence team is actively tracking this topic for additional details and detection opportunities

What you should do about it

After performing a business impact review, apply the vendor provided security patches

Additional information

As technical details and PoC exploit code for CVE-2024-8068 and CVE-2024-8069 are publicly available, and there are preliminary reports of exploitation attempts, it is critical that organizations using Citrix Virtual Apps and Desktops apply the relevant security patches immediately. Citrix has not provided alternative mitigations at this time.

The debate surrounding whether these vulnerabilities can be exploited without prior authentication is ongoing. Based on an internal review of these vulnerabilities, the eSentire Threat Intelligence team assesses that threat actors would require internal network access to contact the Windows server hosting Citrix Virtual Apps and Desktops over port 1801, to enable exploitation. If the server hosting the Citrix applications is directly exposed to the Internet, authentication would not be required.

References:

[1] https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
[2] https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
[3] https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit/blob/main/exploit-citrix-xen.py
[4] https://x.com/Shadowserver/status/1856435596085895328

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Exposure Management Services

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

24/7 MDR SIGNALS

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

MDR Pricing

From The Blog

Bored BeaverTail Yacht Club – A Lazarus Lure

Cybersecurity Spending: Where to Allocate Your Budget in 2025

How Generative AI Can Be Used to Enable Better Security Outcomes

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

PoC Released for Citrix Vulnerabilities

FortiManager Zero-Day Vulnerability (CVE-2024-47575)