
An important announcement from Citrix

Citrix has finally started releasing security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in late December 2019.

The vulnerability, tracked as CVE-2019-19781, is a path traversal issue that could allow unauthenticated, remote attackers to execute arbitrary code on several versions of Citrix ADC and Gateway products, as well as two older versions of Citrix SD-WAN WANOP.

Rated critical with a CVSS v3.1 base score of 9.8, the issue was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies, who reported it to Citrix in early December. 

Since last week, the vulnerability has been (and continues to be) actively exploited, thanks to the public release of multiple proof-of-concept exploits.

There appear to be over 15,000 publicly accessible vulnerable Citrix ADC and Gateway servers that attackers can exploit (overnight!), potentially targeting enterprise networks.


Last week Citrix released a timeline, promising to release patched firmware updates for all supported versions of ADC and Gateway software before the end of January 2020.

Citrix has stated the following in its advisory: "it is necessary to upgrade all Citrix ADC and Citrix Gateway 11.1 instances (MPX or VPX) to build 11.1.63.15 to install the security vulnerability fixes. It is necessary to upgrade all Citrix ADC and Citrix Gateway 12.0 instances (MPX or VPX) to build 12.0.63.13 to install the security vulnerability fixes."

We recommend that these patches are applied as soon as possible to prevent any potential loss of service or availability.
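To find which appliances still need the upgrade, the fixed builds quoted above can be checked against an inventory. The following is an added example, not code from Citrix or from this page; the host names, the inventory list and the four-part dotted build format used as input are constructed assumptions, and only the two fixed builds come from the advisory text.

```python
# Added example: classify appliances against the fixed builds quoted in the
# advisory text. Only FIXED_BUILDS comes from the page; the rest is illustrative.
FIXED_BUILDS = {
    (11, 1): (63, 15),  # 11.1 instances -> build 11.1.63.15
    (12, 0): (63, 13),  # 12.0 instances -> build 12.0.63.13
}

def parse_build(text):
    """Parse 'major.minor.build.patch' into a tuple of four ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(build_text):
    """Return 'patched', 'needs-upgrade', 'branch-not-listed' or 'unparseable'."""
    try:
        major, minor, build, patch = parse_build(build_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Branch not covered by the quoted text: check the vendor advisory.
        return "branch-not-listed"
    # Compare as integers: a string comparison would rank "9" above "63".
    return "patched" if (build, patch) >= fixed else "needs-upgrade"

# Constructed inventory (hypothetical host names and builds).
INVENTORY = [
    ("adc-edge-01", "12.0.63.13"),
    ("adc-edge-02", "12.0.62.8"),
    ("gw-vpn-01", "11.1.63.15"),
    ("gw-vpn-02", "11.1.9.100"),
    ("adc-lab-01", "13.0.1.1"),
    ("adc-old-01", "12.0-63"),
]

def report(inventory):
    """Map each host to its classification."""
    return {host: classify(build) for host, build in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `branch-not-listed` or `unparseable` need a manual check against the vendor advisory rather than being assumed safe.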

Are you worried your network might be compromised? Get in touch today to talk to one of our experts!

