Critical Vulnerability In Citrix Could Affect Numerous Enterprises


A researcher has discovered a critical vulnerability in Citrix products that put thousands of businesses around the world at risk. Exploiting the vulnerability could allow an attacker to gain access to a company’s network without authentication.

Citrix Vulnerability Could Allow Unauthorized Access


A security researcher from Positive Technologies, Mikhail Klyuchnikov, discovered a serious security bug in Citrix products. Specifically, the vulnerability affects the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).

As stated in a post, exploiting the flaw could allow an attacker to directly access the target firm’s local network without the need to compromise other accounts.

Upon finding the flaw, the researchers informed Citrix, which acknowledged their findings. Describing the vulnerability, CVE-2019-19781, in an advisory, Citrix stated,

“A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.”

The bug affected all supported builds of Citrix ADC and Citrix Gateway versions 11.1, 12.0, 12.1, and 13.0. Furthermore, it also affected all supported builds for Citrix NetScaler ADC and NetScaler Gateway version 10.5.

Possible Mitigations

For now, Citrix has advised mitigation steps for users to avoid potential exploitation. Addressing the vulnerability in a separate post, the vendor has detailed the configuration changes that address the bug. Users must ensure they apply these steps until the vendor releases a patch for the flaw. As Citrix stated,

“Citrix strongly urges affected customers to immediately apply the provided mitigation. Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released.”

According to Positive Technologies, this is certainly a high-impact flaw that potentially affects at least 80,000 firms in 158 countries. The top 5 affected regions are led by the United States, with 38% of all vulnerable businesses, followed by the UK, Germany, the Netherlands, and Australia.

Earlier this year, Citrix also suffered a data breach that exposed explicit details of its former and current employees.

Let us know your thoughts in the comments.


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/12/28/critical-vulnerability-in-citrix-could-affect-numerous-enterprises/
