
Citrix flaw puts 80,000 companies at risk

Security experts at Positive Technologies have discovered a critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).

If the vulnerability is exploited, Positive Technologies says attackers can obtain direct access to the company's local network from the internet. This attack does not require access to any accounts, and therefore can be performed by any external attacker.

Positive Technologies expert Mikhail Klyuchnikov discovered the vulnerability. He says Positive Technologies experts determined that at least 80,000 companies in 158 countries are potentially at risk. The top five countries with such organisations include the United States (the absolute leader, with over 38 percent of all vulnerable organisations), the UK, Germany, the Netherlands, and Australia.

The discovered vulnerability was assigned identifier CVE-2019-19781. The vendor has not officially assigned a CVSS severity level to this vulnerability yet, but Positive Technologies experts believe it has the highest level, a 10. This vulnerability affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.

Depending on specific configuration, Citrix applications can be used for connecting to workstations and critical business systems (including ERP). In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked. This vulnerability allows any unauthorised attacker to not only access published applications, but also attack other resources of the company's internal network from the Citrix server. Citrix released a set of measures to mitigate this vulnerability, insisting on immediate update of all vulnerable software versions to the recommended ones.

"Citrix applications are widely used in corporate networks. This includes their use for providing terminal access of employees to internal company applications from any device via the internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat," says Dmitry Serebryannikov, director of Security Audit Department at Positive Technologies.

"On a separate note, we want to point out that the vendor responded very promptly, by creating and releasing a set of risk mitigation measures within just a couple of weeks after the vulnerability was discovered. From our experience, we know that in many cases it can take months," he says.

Positive Technologies says that, to fend off potential attacks, companies can also use web application firewalls. For example, PT Application Firewall can detect this attack out of the box. The system must be set to block all dangerous requests to ensure protection in real time.

"Considering how long this vulnerability has been around (since the first vulnerable version of the software was released in 2014), detecting potential exploitation of this vulnerability (and, therefore, infrastructure compromise) retrospectively becomes just as important," Serebryannikov says.

"Starting December 18, 2019, PT Network Attack Discovery users can use special rules detecting attempts to exploit this vulnerability online."

In 2012, Positive Technologies experts detected and helped to eliminate multiple vulnerabilities in Citrix XenServer.
