Monday, November 23, 18:39

Hackers scan for Citrix servers vulnerable to remote code execution flaw

Hackers are scanning to find Citrix servers vulnerable to a critical security flaw in ADC and Gateway products, researchers warned.

Disclosed in December, the vulnerability, tracked as CVE-2019-19781, affects the Citrix Application Delivery Controller (ADC), also known as the NetScaler ADC, along with the Citrix Gateway, formerly known as the NetScaler Gateway. Initially reported by Mikhail Klyuchnikov of Positive Technologies, the critical vulnerability allows directory traversal and, if exploited, lets threat actors carry out remote code execution (RCE) attacks.

According to Citrix's security advisory, these products are affected:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Researchers estimate that at least 80,000 organizations in 158 countries use ADC and could therefore be at risk. The companies at risk are mainly based in the USA (about 38%), as well as in the United Kingdom, Germany, the Netherlands and Australia.

"Depending on the specific parameters, Citrix applications can be used to connect to workstations and critical business systems (including ERP)," says Positive Technologies. "In almost all cases, Citrix applications are accessible on the perimeter of the company's network and are therefore the first to be attacked. This vulnerability allows any unauthorized intruder not only to have access to published applications, but also to attack other resources of the Citrix server internal network."

According to Bleeping Computer, cybersecurity researchers have identified a spike in scans for Citrix servers that are potentially vulnerable to the flaw.

Public exploit code does not seem to be widely used, at least not yet. Johannes Ullrich, Dean of Research at the SANS Institute of Technology, noted from his checks that the current scans do not appear to be "complex" in any way (some do not go beyond GET requests), but added that "other sources I consider credible have stated that they were able to generate code execution exploitation."
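A defender can look for this kind of simple scanning in web access logs. The following is an added example, not code from the article or from Citrix: it flags requests whose path contains a `..` segment, including percent-encoded and double-encoded forms, and counts hits per source address. The log lines, paths and addresses are constructed for illustration, and Combined Log Format is an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2020:08:01:12 +0000] "GET /portal/../private/status.conf HTTP/1.1" 200 512 "-" "curl/7.58.0"
198.51.100.7 - - [10/Jan/2020:08:01:13 +0000] "GET /portal/%2e%2e/private/status.conf HTTP/1.1" 403 0 "-" "curl/7.58.0"
203.0.113.9 - - [10/Jan/2020:08:02:40 +0000] "GET /portal/%252e%252e%252fprivate/ HTTP/1.1" 404 0 "-" "python-requests/2.22"
192.0.2.44 - - [10/Jan/2020:08:03:05 +0000] "GET /portal/index.html?v=1..2 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jan/2020:08:03:09 +0000] "POST /portal/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def has_traversal(target, max_rounds=3):
    """True if the URL path holds a '..' segment after up to max_rounds of percent-decoding."""
    path = target.split("?", 1)[0]          # ignore the query string
    for _ in range(max_rounds + 1):
        segments = path.replace("\\", "/").split("/")
        if ".." in segments:
            return True
        decoded = unquote(path)
        if decoded == path:                 # nothing left to decode
            return False
        path = decoded
    return False

def find_probes(log_text):
    """Return (hits, per_ip): flagged (ip, method, target, status) tuples and a count per source."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and has_traversal(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits, Counter(ip for ip, *_ in hits)

if __name__ == "__main__":
    hits, per_ip = find_probes(SAMPLE_LOG)
    for ip, method, target, status in hits:
        # A 2xx answer to a traversal request deserves a closer look than a 403/404.
        print(f"{ip} {method} {target} -> {status}{'  <-- answered 2xx' if status < 300 else ''}")
    print(dict(per_ip))
```

Matching on whole path segments rather than the substring `..` keeps ordinary names such as `report..final.pdf` from being flagged.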

A patch for the issue has not yet been released, but Citrix has in the meantime published guidelines for handling the situation. The company recommends that IT admins run the set of commands given in those guidelines to configure responder policies.

"Citrix strongly urges customers to implement the measure immediately. Customers will then need to upgrade all their vulnerable devices to a stable version of the device firmware when it is released," the company says.

