Citrix Bleed: Patching Too Late? Session Token Vulnerability Exposed! #shorts

BSides Frankfurt · 1:04 · 51 views · Published 2026-02
About this talk
Even with patches, IOC hunting is crucial. Thousands of Citrix appliances remain vulnerable worldwide, risking session token compromise. Act now to secure your attack surface. #CitrixBleed #CyberSecurity #Vulnerability #Patching #IOCHunting #NetSec
Transcript [en]

patch and even if you patch on time, you still need to do IOC hunting or investigation and stuff like that to make sure that you're not compromised before the bulletin was released. And even if you patch this one week too late, it's maybe already too late. You still need to investigate it.

So to showcase a bit of the attack surface which we're dealing with, because Citrix is a, well, product which is widely used, again we're using Shadowserver data here. Now, uh, one thing to point out is for Bleed 1 and the RCE, they're a bit older and this data is just one year back. So we didn't see like a big drop. Uh, we can see that some instances are patched. We can see here Citrix Bleed 2, the blue one, which, uh, drops at the end. So people are patching, which is good, but we still have a lot of vulnerable Citrix appliances reachable from the internet worldwide. This is worldwide, not just Germany or something. It's really worldwide. So all those devices are vulnerable and, for example, Citrix Bleed 2, we are now roughly at, what is it, 4K or something, basically 4K devices where we can just read session tokens and retake or overtake sessions.