Citrix informed customers on Tuesday that it has patched 11 vulnerabilities in its ADC, Gateway, and SD-WAN networking products, and highlighted that the flaws are not related to CVE-2019-19781, which has been exploited in many attacks.
After publishing a security advisory describing the vulnerabilities, Citrix also published a blog post written by its CISO, Fermin J. Serna, in an effort to “avoid confusion and limit the potential for misinterpretation in the industry and our customer set.”
Serna pointed out that these newly patched vulnerabilities are not related to CVE-2019-19781, which hackers started exploiting in January, shortly after the flaw was disclosed. That security hole was exploited by both profit-driven cybercriminals and state-sponsored threat actors, and it caused a lot of problems for many organizations.
For CVE-2019-19781, Citrix initially released temporary mitigations due to the high risk of exploitation and released permanent patches only weeks later. In the case of the latest vulnerabilities, the company noted that they are fully addressed by the patches and it has found no evidence of malicious exploitation. The likelihood of exploitation is also considered lower.
The newly patched vulnerabilities affect Citrix ADC, Gateway, and the SD-WAN WAN Optimization (WANOP) edition. They can be exploited for information disclosure, denial-of-service (DoS) attacks, local privilege escalation, cross-site scripting (XSS) attacks, authorization bypass, and code injection.
While some of the flaws can be exploited by a remote and unauthenticated attacker, exploitation in most cases requires access to the targeted system, user interaction, or other preconditions. Moreover, cloud versions of the impacted products are not vulnerable to attacks.
Despite the reduced risk of attacks exploiting these flaws, Citrix has advised customers to implement its security recommendations and install the patches as soon as possible.
“We are limiting the public disclosure of many of the technical details of the vulnerabilities and the patches to further protect our customers. Across the industry, today’s sophisticated malicious actors are using the details and patches to reverse engineer exploits. As such, we are taking steps to advise and help our customers but also do what we can to shield intelligence from malicious actors,” Serna said.