On December 17, 2019, Citrix released information about a vulnerability tracked as CVE-2019-19781. This vulnerability lies in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway. Will this Citrix vulnerability impact your organization?
What We Know About CVE-2019-19781
CVE-2019-19781 allows unauthenticated remote attackers to execute arbitrary code on the exposed system. Because of where the Citrix vulnerability resides on the network, patching is critical. However, Citrix has not yet released a permanent patch. We expect to see one by the end of the month – meaning Citrix left this vulnerability unpatched for over a month.
Citrix did provide configuration steps to reduce the risk of exploitation for CVE-2019-19781, and the Cybersecurity and Infrastructure Security Agency (CISA) has released a tool, available on GitHub, to check for this Citrix vulnerability.
Opportunistic scanning activity continues to target Citrix (NetScaler) servers vulnerable to CVE-2019-19781.
— Bad Packets Report (@bad_packets) January 13, 2020
Citrix 2019 Breach
This isn’t Citrix’s first security incident. In March 2019, the FBI informed Citrix that “they had reason to believe that international cyber criminals gained access to the internal Citrix network.” It was speculated that the attackers used password spraying to gain access, impacting over 200 government agencies, oil and gas firms, and technology companies.
Forbes reports that Citrix provides VPN access and credentials to 400,000 organizations worldwide and 98% of the Fortune 500. When an organization like Citrix has a vulnerability, it’s not insignificant. Our penetration testers and auditors are watching this vulnerability closely.