While security researchers warn of ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers affected by the CVE-2019-19781 vulnerability, many experts are announcing that proof-of-concept exploit code is now available online ([1, 2]).
Researchers at MDSec published technical details of the vulnerability along with a video that shows the exploit they have developed, but they decided not to release it to avoid
In December Citrix disclosed the critical CVE-2019-19781 vulnerability and explained that it could be exploited by attackers to access company networks.
It has been estimated that 80,000 companies in 158 countries are potentially at risk, most of them in the U.S. (38%), followed by the UK, Germany, the Netherlands, and Australia.
The CVE-2019-19781 vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies.
“If that vulnerability is exploited, attackers obtain direct access to the company’s local network from the Internet. This attack does not require access to any accounts, and therefore can be performed by any external attacker,” reads the post published by Positive Technologies.
“Positive Technologies experts determined that at least 80,000 companies in 158 countries are potentially at risk.”
The vulnerability affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.
The experts pointed out that exploiting the vulnerability does not require access to any accounts. For this reason, any external attacker could trigger the issue to gain unauthorized access to published applications and other internal network resources from the Citrix servers.
Citrix has released measures to mitigate the flaw and recommends updating all vulnerable software versions.
Threat actors have reverse engineered the patches released by Citrix and have developed their own exploit code.
According to Shodan, more than 125,000 vulnerable Citrix systems are exposed online, and it is important to fix them as soon as possible.
(SecurityAffairs – Citrix Server, hacking)