A vulnerability has been discovered in two Citrix products (load balancing and monitoring technology), placing 80,000 companies in 158 countries at risk. Businesses with apps published using these technologies may be exposing their internal network to unauthorized access.
The easily exploitable vulnerability can allow attackers to obtain direct access to a company’s local network and credentials.
Positive Technologies security expert Mikhail Klyuchnikov discovered this vulnerability. It exists in Citrix Application Delivery Controller (formerly known as NetScaler ADC) and in Citrix Gateway (formerly known as NetScaler Gateway).
“If that vulnerability is exploited, attackers obtain direct access to the company’s local network from the internet,” Positive Technologies said in a statement.
According to Positive Technologies, Australia is in the top five countries by the number of companies that are potentially vulnerable to an attack.
The vulnerability has been assigned CVE-2019-19781 and affects all supported versions of the products, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.
What makes the weakness especially dangerous is that it can be used to launch an attack that does not require access to any accounts, meaning it can be mounted by any external attacker.
Citrix is notifying customers and channel partners about this potential security issue, for which a fix is still forthcoming. It has urged customers to upgrade all of their vulnerable appliances to a fixed version of the appliance firmware as soon as it is released.
Citrix has published mitigation steps but not a complete fix. “Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat.”