Your Citrix applications might allow hackers to access your network; critical vulnerability detected

Web application security specialists have reported a critical vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway, formerly known as NetScaler ADC and NetScaler Gateway. Exploiting the flaw reportedly lets an attacker reach the internal networks of affected companies.

The vulnerability is tracked as CVE-2019-19781; Citrix says it will publish further details once a full fix is available.

Citrix ADC (NetScaler ADC) is a load-balancing and application delivery appliance, while Citrix Gateway (Unified Gateway) provides remote access to internal applications, including desktop, intranet and web applications; in practice it fronts any application, from any device, at any location.

The report, publicly disclosed on December 17, states that the vulnerability can be exploited by a remote, unauthenticated attacker to execute arbitrary code on the appliance.

Worse still, an attacker needs no valid account credentials to exploit the flaw. According to an earlier report by security firm Positive Technologies, vulnerable versions of this software have been shipping since 2014, and the networks of around 80,000 companies in more than 150 countries are currently exposed.

Because the main purpose of these products is to provide remote access to internal applications, arbitrary code execution on the appliance hands the attacker a foothold inside the target company's network; that is why web application security specialists rate the vulnerability as critical.

Shortly after receiving the report, Citrix published mitigation steps that block certain requests to the SSL VPN component (the encrypted tunnel into the remote network that runs over SSL/TLS), which is where the flaw resides. This is a temporary workaround, not a fix; the details are on Citrix's official support site. Affected versions of Citrix ADC and Citrix Gateway are 10.5, 11.1, 12.0, 12.1 and 13.0.
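To make the workaround concrete, here is an added example (not code from the article or from Citrix) that models the request-blocking rule in Python so that an administrator can reason about which requests the mitigation stops. The matching logic is transcribed from the responder policy Citrix published in its mitigation article CTX267027: block a request whose text-mode-decoded URL contains "/vpns/" when either no SSL VPN session is established or the URL also contains a "/../" traversal sequence. The sample log lines, their "sslvpn=" flag format, and the repeated-percent-decoding approximation of NetScaler's DECODE_USING_TEXT_MODE are assumptions made for this example.

```python
from urllib.parse import unquote

# Constructed sample request log lines for this example (not real traffic).
# Assumed format: "<sslvpn flag> <method> <raw request URL>", where the flag
# records whether the request arrived over an established SSL VPN session.
SAMPLE_REQUESTS = [
    "sslvpn=0 GET /vpn/index.html",
    "sslvpn=0 GET /logon/LogonPoint/index.html",
    "sslvpn=0 GET /vpns/portal/scripts/example.pl",
    "sslvpn=1 GET /vpns/portal/scripts/example.pl",
    "sslvpn=1 GET /vpn/../vpns/portal/example.html",
    "sslvpn=1 GET /vpn/%2e%2e/vpns/portal/example.html",
    "sslvpn=1 GET /vpn/%252e%252e/vpns/portal/example.html",
]


def decode_text_mode(url: str) -> str:
    """Approximation (an assumption) of HTTP.REQ.URL.DECODE_USING_TEXT_MODE:
    percent-decode until the string stops changing, so that double-encoded
    traversal sequences are normalised before the rule is matched."""
    previous, current = None, url
    while current != previous:
        previous, current = current, unquote(current)
    return current


def should_block(url: str, sslvpn_session: bool) -> bool:
    """Return True if the request matches the published mitigation rule:
    decoded URL contains /vpns/ AND (no SSL VPN session OR contains /../)."""
    path = decode_text_mode(url)
    if "/vpns/" not in path:
        return False
    return (not sslvpn_session) or ("/../" in path)


def evaluate(lines):
    """Apply the rule to each sample log line.

    Returns a list of (raw_url, verdict) tuples, verdict being 'BLOCK' or
    'ALLOW'. Nothing is printed here so the result can be checked directly."""
    results = []
    for line in lines:
        flag, _method, url = line.split(" ", 2)
        sslvpn_session = flag == "sslvpn=1"
        verdict = "BLOCK" if should_block(url, sslvpn_session) else "ALLOW"
        results.append((url, verdict))
    return results


if __name__ == "__main__":
    for url, verdict in evaluate(SAMPLE_REQUESTS):
        print(f"{verdict:5} {url}")
```

Note what the rule does and does not do: ordinary logon pages are untouched, unauthenticated access to anything under /vpns/ is refused outright, and an authenticated SSL VPN user is only refused when the decoded URL carries a traversal sequence. The decoding loop matters because a single-pass decoder would let "%252e%252e" through. This script only models the match logic; on the appliance the policy must also be bound globally as a request-override policy, and it remains a stopgap until Citrix ships the fixed builds.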

International Institute of Cyber Security (IICS) web application security specialists recommend that administrators apply Citrix's mitigation steps as soon as possible and watch for the release of the full fix, which Citrix says will be available shortly.