Citrix Netscaler Fixed Builds Released

An update to the Citrix Netscaler cybersecurity alert was issued Monday, Jan. 20, 2020. Citrix released fixed builds to address CVE-2019-19781 for Citrix Netscaler ADC and Citrix Netscaler Gateway versions 12.0 and 11.1. Additional fixed builds for vulnerable versions of Citrix Netscaler ADC, Citrix Netscaler Gateway, and Citrix SD-WAN WANOP are expected to be released on Jan. 24, 2020. The vulnerability could allow a bad actor to execute arbitrary code, which could potentially lead to a breach.

What It Is:
A vulnerability has been discovered in the Citrix Netscaler Application Delivery Controller Web Server which could allow for remote code execution. Citrix Netscaler Application Delivery Controller is a load balancer used for web, application, and database servers.

Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of a privileged process. Depending on the privileges associated with the web service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the vulnerability could have less impact than if it was configured with administrative rights.

Read the original Citrix Support Knowledge Center articles below for more information:

Updated 1/20/2020: CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
Mitigation Steps for CVE-2019-19781

Threat Intelligence:
Updated 1/20/2020: Citrix released fixed builds to address CVE-2019-19781 for Citrix Netscaler ADC and Citrix Netscaler Gateway versions 12.0 and 11.1. Additional fixed builds for vulnerable versions of Citrix Netscaler ADC, Citrix Netscaler Gateway, and Citrix SD-WAN WANOP are expected to be released on Jan. 24, 2020.

Systems Affected:

• Citrix Netscaler ADC and Citrix Netscaler Gateway version 13.0 all supported builds
• Citrix Netscaler ADC and NetScaler Gateway version 12.1 all supported builds
• Citrix Netscaler ADC and NetScaler Gateway version 12.0 all supported builds
• Citrix Netscaler ADC and NetScaler Gateway version 11.1 all supported builds
• Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Risk:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: Medium

What It Means:
If you and/or your business utilize the Citrix products mentioned above, you will need to apply the appropriate patches provided by Citrix for Citrix Netscaler ADC and Citrix Netscaler Gateway versions 12.0 and 11.1, following appropriate testing, or apply the workaround provided by the Citrix advisory until fixes are released on Jan. 24, 2020, for other vulnerable versions.

Technical Summary:
A vulnerability has been discovered in the Citrix Netscaler Application Delivery Controller Web Server which could allow for remote code execution. This vulnerability could be exploited by taking advantage of a directory traversal vulnerability and a vulnerability existing in the /vpns/ directory of the webserver.
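While patches or the workaround are being rolled out, web access logs can be reviewed for requests that combine a directory traversal segment with the /vpns/ directory described above. The following is an added example, not code from Citrix or from the original advisory; it assumes Apache combined-style log lines, and the sample lines, addresses, and `placeholder` paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [20/Jan/2020:10:01:02 +0000] "GET /vpn/index.html HTTP/1.1" 200 512
198.51.100.9 - - [20/Jan/2020:10:01:05 +0000] "GET /placeholder/../vpns/placeholder.txt HTTP/1.1" 200 88
198.51.100.9 - - [20/Jan/2020:10:01:09 +0000] "POST /placeholder/%2e%2e/vpns/placeholder.txt HTTP/1.1" 200 0
198.51.100.9 - - [20/Jan/2020:10:01:11 +0000] "GET /placeholder/%252e%252e/vpns/placeholder.txt HTTP/1.1" 404 0
203.0.113.4 - - [20/Jan/2020:10:02:00 +0000] "GET /images/../css/site.css HTTP/1.1" 200 2048
"""

# Assumed log layout: client address first, quoted request line, then status.
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %2e and %252e both collapse to '.'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_suspicious(raw_target):
    """True when a request path has a '..' segment and a 'vpns' segment."""
    path = decode_fully(raw_target.split("?", 1)[0]).replace("\\", "/")
    segments = path.lower().split("/")
    return ".." in segments and "vpns" in segments

def scan(log_text):
    """Return (client, method, target, status) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_suspicious(m.group(3)):
            hits.append(m.groups())
    return hits

if __name__ == "__main__":
    for client, method, target, status in scan(SAMPLE_LOG):
        print(f"{client} {method} {target} -> {status}")
```

A hit with a 2xx status deserves closer review than one answered with an error, and any hit on an unpatched appliance is a reason to check the system for signs of compromise.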

What To Do:
We recommend the following actions be taken:

• Apply the appropriate patches provided by Citrix for Citrix Netscaler ADC and Citrix Netscaler Gateway versions 12.0 and 11.1, after appropriate testing.
• Apply the workaround provided by the Citrix advisory until fixes are released on Jan. 24, 2020, for other vulnerable versions.
• Remind users not to download, accept, or execute files from untrusted or unknown sources.
• Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Citrix products including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.