The digital health space refers to the integration of technology and health care services to improve the overall quality of health care delivery. It encompasses a wide range of innovative and emerging technologies such as wearables, telehealth, artificial intelligence, mobile health, and electronic health records (EHRs). The digital health space offers numerous benefits such as improved patient outcomes, increased access to health care, reduced costs, and improved communication and collaboration between patients and health care providers. For example, patients can now monitor their vital signs such as blood pressure and glucose levels from home using wearable devices and share the data with their doctors in real-time. Telehealth technology allows patients to consult with their health care providers remotely without having to travel to the hospital, making health care more accessible, particularly in remote or rural areas. Artificial intelligence can be used to analyze vast amounts of patient data to identify patterns, predict outcomes, and provide personalized treatment recommendations. Overall, the digital health space is rapidly evolving, and the integration of technology in health

Friday, December 1, 2023

Health IT vulnerability disclosed by HHS

THIS BULLETIN IS BEING BROUGHT TO YOU VIA DIGITAL HEALTH SPACE.

 

Citrix Bleed Vulnerability 


Executive Summary 


On October 10, 2023, Citrix released a security advisory for a vulnerability that impacts the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). This vulnerability is tracked as CVE-2023-4966 and has also been referred to as ‘Citrix Bleed’. The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health (HPH) sector. This alert contains information on attack detection and mitigation of the vulnerability. The following versions are currently capable of being exploited: 


• NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 

• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15 

• NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19 

• NetScaler ADC and NetScaler Gateway version 12.1 (EOL) 

• NetScaler ADC 13.1FIPS before 13.1-37.163 

• NetScaler ADC 12.1-FIPS before 12.1-55.300 

• NetScaler ADC 12.1-NDcPP before 12.1-55.300 


It should also be noted that NetScaler ADC and NetScaler Gateway version 12.1 are now considered End-of-Life and will also be vulnerable to CVE-2023-4966. 


Patches, Mitigations, and Workarounds 


Citrix released a patch for this vulnerability in early October, but it has been reported that the vulnerability was being exploited as a zero-day since August 2023. The manufactor has also warned that these compromised sessions will still be active after a patch has been implemented. HC3 encourages all administrators to follow Citrix’s guidance to upgrade their devices and remove any active or persistent sessions with the following commands: 

• kill aaa session -all 

• kill icaconnection -all 

• kill rdp connection -all 

• kill pcoipConnection -all 

• clear lb persistentSessions 


Additional recommended actions for investigating any potential exploits of CVE-2023-4966 are provided by NetScaler here, and further technical details, threat actor activity, and indicators of compromise from CISA can be obtained here and here. HC3 strongly encourages users and administrators to review these recommended actions and upgrade their devices to prevent serious damage to the HPH sector. 


References 


CISA Guidance for Addressing Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix Bleed 


https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed 

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability 


https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a 

CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway

https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

 

https://nvd.nist.gov/vuln/detail/CVE-2023-4966

 

No comments:

Post a Comment