Citrix Vulnerability Puts 80,000 Companies Around the World at Risk

  • A researcher has discovered a highly critical vulnerability that affects widely used Citrix software products.
  • The vulnerability takes only a minute to exploit and can lead to unlimited corporate network access.
  • At least 80,000 companies in critical sectors are at risk of getting hacked.

Security expert Mikhail Klyuchnikov of Positive Technologies has discovered a critical vulnerability that affects Citrix Application Delivery Controller (ADC) and Citrix Gateway. According to the researcher, an attacker can exploit the flaw to execute arbitrary code and access local corporate networks remotely, without access to any account or knowledge of credentials. The vulnerability has been assigned the identifier CVE-2019-19781 and, unofficially, carries the highest level of criticality (10 on CVSS). The affected products are the following:

  • Citrix ADC and Citrix Gateway 13.0
  • Citrix ADC and NetScaler Gateway 12.1
  • Citrix ADC and NetScaler Gateway 12.0
  • Citrix ADC and NetScaler Gateway 11.1
  • Citrix NetScaler ADC and NetScaler Gateway 10.5

The above products are used by approximately 80,000 companies in 158 countries. The most significant targets in danger are IT, telecom, banking, fuel, retail, and manufacturing entities in the United States, the UK, Germany, the Netherlands, and Australia. As the researcher points out, the vulnerability may have only just been discovered, but it has been present for about 5.5 years, and a hacker would need only a minute to exploit it.

[Figure: Citrix flaw world map. Source: Positive Technologies]

Citrix is informing its clients about the issue and proposing a set of mitigation steps, as there is no patch out yet. The mitigation consists of running commands that are given in full detail on the relevant Citrix support page. Beyond following the instructions that come directly from Citrix, you may also set your firewall to maximum security and conduct retrospective analysis and in-depth traffic analysis. Patches should be applied as soon as they become available, with no delay, whatever complexities may accompany upgrades in general.

This discovery is not your average cyber-security news, as critical zero-days affecting such leading software products come to light once, maybe twice, in a decade. Citrix products are used by many organizations, government bodies, and large companies, and the company's market share is expected to grow to around $5 billion by 2023. From what we can deduce, this flaw was not exploited during the past five years. However, we can't rule out this possibility yet.
