Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Citrix Vulnerability Leaves 80,000 Companies at Risk

A critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) could allow criminal access to the networks of 80,000 companies in 158 countries.

The countries most at risk are the U.S. (with 38% of the vulnerable networks), the UK, Germany, the Netherlands, and Australia. 

A critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) could allow criminal access to the networks of 80,000 companies in 158 countries.

The countries most at risk are the U.S. (with 38% of the vulnerable networks), the UK, Germany, the Netherlands, and Australia. 

The vulnerability (CVE-2019-19781), described as ‘critical’ although not yet assigned a CVSS severity rating, was discovered by Positive Technologies. “This vulnerability,” says Positive, “affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.”

If the vulnerability is exploited, the attacker does not require access to any accounts, so it can be undertaken by any external actor. It allows unauthorized access to published applications and other internal network resources from the Citrix servers.

“Citrix applications are widely used in corporate networks,” commented Dmitry Serebryannikov, director of the security audit department at Positive Technologies. “This includes their use for providing terminal access of employees to internal company applications from any device via the Internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat.” 

In its own security bulletin on December 7, 2019, Citrix warned that if exploited, the vulnerability “could allow an unauthenticated attacker to perform arbitrary code execution.” The firm has published recommended mitigation steps for the vulnerability, involving configuration changes pending a fix. These steps start with a reboot as “a precautionary step to ensure that if there are any open sessions, obtained via the vulnerability prior to policy application, are cleared.”

Positive notes that Citrix issued the mitigation steps “within just a couple of weeks after the vulnerability was discovered. From our experience, we know that in many cases it can take months.”

It warns that the vulnerability has existed since 2014, and that it is therefore as important to detect any potential existing exploitation and infrastructure compromise as it is to defend against current or future attacks.

Advertisement. Scroll to continue reading.

Related: Hackers Can Exploit Siemens Control System Flaws in Attacks on Power Plants 

Related: High-Risk Flaws Found in Process Control Systems From B&R Automation 

Related: Many Vulnerabilities Discovered in Moxa Industrial Switches 

Related: Schneider Electric Vehicle Charging Stations Exposed to Hacker Attacks 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.