Critical Citrix Flaw May Expose Thousands of Firms to Attacks

A newly discovered vulnerability impacting the Citrix Application Delivery Controller (NetScaler ADC) and the Citrix Gateway (NetScaler Gateway) could potentially expose the networks of over 80,000 firms to hacking attacks.

The vulnerability, currently tracked as CVE-2019-19781, could allow remote, unauthenticated attackers to gain access to a company's internal network.

If successfully exploited, it leads to arbitrary code execution, according to Positive Technologies security expert Mikhail Klyuchnikov, who discovered the vulnerability.

80,000 firms potentially exposed

Positive Technologies security experts determined "that at least 80,000 companies in 158 countries are potentially at risk," with the top 5 countries being "the United States (the absolute leader, with over 38 percent of all vulnerable organizations), the UK, Germany, the Netherlands, and Australia."

Depending on specific configuration, Citrix applications can be used for connecting to workstations and critical business systems (including ERP). In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked. - Positive Technologies

While Citrix hasn't yet released new firmware to address this security issue, the company has published a set of mitigation measures for standalone systems and clusters as part of a knowledge base article, and it strongly recommends that impacted customers apply them as soon as possible.

"Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released," Citrix also says.

To be alerted when updated firmware is available for the affected Citrix products, customers are also advised to subscribe to bulletin alerts here.

Affected products and platforms

According to Citrix, the CVE-2019-19781 vulnerability impacts all supported product versions and all supported platforms:

• Citrix ADC and Citrix Gateway version 13.0 all supported builds
• Citrix ADC and NetScaler Gateway version 12.1 all supported builds
• Citrix ADC and NetScaler Gateway version 12.0 all supported builds
• Citrix ADC and NetScaler Gateway version 11.1 all supported builds
• Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

"Citrix applications are widely used in corporate networks. This includes their use for providing terminal access of employees to internal company applications from any device via the Internet," Positive Technologies' Director of Security Audit Department Dmitry Serebryannikov said.

"Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat."

The data breach

Citrix also experienced a data breach as disclosed in March 2019 by the company's Chief Security Information Officer (CSIO) Stan Black following an alert received from the FBI on March 6, 2019.

In May, Citrix confirmed that the hackers behind the breach infiltrated the company's network and stole the sensitive personal information of both former and current employees while maintaining access within Citrix internal assets for about six months.

"We believe that the cyber criminals may have accessed and or removed information relating to certain individuals who are current and former employees, as well as certain beneficiaries and dependents," Citrix said at the time.

"This information may have included, for example, names, Social Security numbers, and financial information."

The same month, a class action complaint was filed by a Citrix ex-employee for damages suffered following the security breach.

According to the class action complaint filed with the U.S. District Court Southern District of Florida, the causes of action are negligence, violations of the Florida Unfair and Deceptive Trade Practices Act, breach of implied contract, breach of fiduciary duty, and breach of confidence.
