A cybersecurity alert was issued Saturday, Jan. 11, 2020, concerning the Citrix Application Delivery Controller. TrustedSec announced the availability of proof-of-concept exploit code for the CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway servers. The vulnerability could allow an attacker to execute arbitrary code, which could potentially lead to a breach.
What It Is:
A vulnerability has been discovered in the Citrix Application Delivery Controller Web Server which could allow for remote code execution. Citrix Application Delivery Controller is a load balancer used for web, application, and database servers.
Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of a privileged process. Depending on the privileges associated with the web service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the vulnerability could have less impact than if it was configured with administrative rights.
Read the original Citrix Support Knowledge Center articles below for more information:
TrustedSec announced the availability of proof-of-concept exploit code for the CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway servers. The PoC is available on GitHub, and a forensic guide is available detailing how to check Citrix servers for evidence of a compromise.
• Citrix ADC and Citrix Gateway version 13.0 all supported builds
• Citrix ADC and NetScaler Gateway version 12.1 all supported builds
• Citrix ADC and NetScaler Gateway version 12.0 all supported builds
• Citrix ADC and NetScaler Gateway version 11.1 all supported builds
• Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
• Large and medium government entities: High
• Small government entities: High
• Large and medium business entities: High
• Small business entities: High
• Home users: Medium
What It Means:
If you and/or your business utilize the Citrix products mentioned above, you will need to apply the workaround provided by the Citrix advisory since there is currently no patch for this vulnerability. Once a patch is available from Citrix, apply it to vulnerable systems following proper testing.
A vulnerability has been discovered in the Citrix Application Delivery Controller Web Server which could allow for remote code execution. It could be exploited by combining a directory traversal flaw with a vulnerability in the /vpns/ directory of the web server.
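The forensic check mentioned above comes down to looking for requests that used directory traversal to reach the /vpns/ directory. The following is an added example written for this alert, not code from Citrix, TrustedSec or Dox: it scans web-server access-log lines for exactly that pattern, decoding percent-encoding (including double encoding) before resolving the path. The NCSA combined log format and all sample lines, addresses and paths are constructed assumptions for the example.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample lines in Apache/NCSA combined format (an assumption; these
# are not real Citrix ADC logs). Addresses and paths are made up for the example.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Jan/2020:10:15:01 +0000] "GET /vpn/../vpns/example/file.txt HTTP/1.1" 200 512 "-" "curl/7.64.0"
203.0.113.11 - - [11/Jan/2020:10:15:07 +0000] "POST /vpn/..%2Fvpns%2Fexample%2Fresource HTTP/1.1" 200 88 "-" "python-requests/2.22"
203.0.113.12 - - [11/Jan/2020:10:15:30 +0000] "GET /vpn/%252e%252e/vpns/example/other?x=1 HTTP/1.1" 200 70 "-" "curl/7.64.0"
198.51.100.5 - - [11/Jan/2020:10:16:20 +0000] "GET /vpns/example/page.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Jan/2020:10:17:45 +0000] "GET /logon/example.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client address, timestamp, method and request path of an NCSA-style line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def decode_path(raw_path, max_rounds=3):
    """Drop the query string and percent-decode a bounded number of times,
    so double-encoded sequences such as %252e are unwrapped as well."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal_into_vpns(raw_path):
    """True when a '..' segment is present and the resolved path lands under
    /vpns/, i.e. the traversal is what reached that directory."""
    path = decode_path(raw_path)
    has_traversal = ".." in path.split("/")
    resolved = normpath(path)
    return has_traversal and (resolved == "/vpns" or resolved.startswith("/vpns/"))

def find_traversal_into_vpns(log_text):
    """Return one triage record per suspicious request in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal_into_vpns(m["path"]):
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "raw_path": m["path"],
                         "resolved": normpath(decode_path(m["path"]))})
    return hits
```

Running `find_traversal_into_vpns(SAMPLE_LOG)` flags the first three lines and leaves the direct /vpns/ request and the unrelated logon request alone; point it at real access logs to get a list of source addresses and times for incident triage.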
What To Do:
We recommend the following actions be taken:
• Apply the workaround provided by the Citrix advisory as there is currently no patch for this vulnerability.
• Apply the patches provided by Citrix to vulnerable systems once they are available, after appropriate testing.
• Remind users not to download, accept, or execute files from untrusted or unknown sources.
• Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.
Should your agency or business need assistance with issues arising from vulnerabilities in Citrix products including workarounds and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.
Thank you for your time and stay safe online.