Hackers are scanning to find Citrix servers vulnerable to a critical security flaw in ADC and Gateway products, researchers warned.
Disclosed in December, the serious vulnerability, tracked as CVE-2019-19781, affects the Citrix Application Delivery Controller (ADC), also known as NetScaler ADC, along with the Citrix Gateway, formerly known as NetScaler Gateway. Originally reported by Mikhail Klyuchnikov of Positive Technologies, the critical vulnerability allows directory access and, if exploited, lets threat actors carry out remote code execution (RCE).
According to Citrix's security advisory, these products are affected:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Researchers estimate that at least 80,000 organizations in 158 countries use ADC and could therefore be at risk. The at-risk companies are mainly based in the USA (about 38%), as well as in the United Kingdom, Germany, the Netherlands and Australia.
“Depending on the specific parameters, Citrix applications can be used to connect to workstations and critical business systems (including ERP),” says Positive Technologies. “In almost all cases, Citrix applications are accessible to the perimeter of the company network and are therefore the first to be attacked. This vulnerability allows any unauthorized attacker to not only have access to published applications, but also to attack other resources within the Citrix server's internal network.”
According to Bleeping Computer, cybersecurity researchers have identified a spike in scans for Citrix servers that are potentially vulnerable to the flaw.
There does not appear to be widespread use of public exploit code, at least not yet. Johannes Ullrich, dean of research at the SANS Institute of Technology, noted from his own checks that current scans do not appear to be "complex" in any way, with some amounting to nothing more than GET requests, but added that "other sources that I believe to be credible have stated that they were able to create code execution exploits."
A patch for the issue has not yet been released, but Citrix has in the meantime published guidance for handling the situation. The company recommends that IT admins run a set of commands, accessible here, to tailor response policies.
“Citrix strongly encourages customers to take immediate action. Customers will then have to upgrade all of their vulnerable devices to a stable version of firmware of the device when it's released,” the company says.