Serious Flaw in Citrix Product Exploited, Patched

Citrix has only recently released fixes for a security flaw found in its Application Delivery Controller (ADC), said InfoSecurity Magazine. The patches came after reports of attackers exploiting the vulnerability, which is tracked as CVE-2019-19781.

The bug was reported by Citrix back in December 2019. Reportedly, it leaves ADC and Citrix Gateway susceptible to remote attacks. Specifically, successful exploitation of this vulnerability “could allow an unauthenticated attacker to perform arbitrary code execution.” The Register also revealed that before the patches, the bug had left thousands of systems vulnerable to such attacks.


One of the most notable reports of attacks exploiting the bug involves NotRobin, which “appears to be hoarding access to exposed Citrix systems.” According to FireEye, the team that found NotRobin, the malicious party seems to have been “opportunistically compromising NetScaler devices, possibly to prepare for an upcoming campaign.” The good news is that the team has not detected the return of the NotRobin attacker.

Citrix Patched Security Flaw

ADC is known to accelerate the performance of pertinent applications. It also enhances the availability of related applications.


Thousands of users ‘still exposed’

While the company has issued a series of patches to fight possible attackers, InfoSecurity Magazine noted that thousands of machines are still left exposed. These include high-value targets in various industries such as finance, government, and healthcare.

The report also remarked that the issue partially comes from the fact that the mitigations failed to work as intended. As a result, even Dutch authorities have urged organizations to disable Citrix systems.

Those who have successfully exploited the bug have released proofs-of-concept. There have also been reports of ongoing attacks. This spurred the company to speed up the development and release of the fixes.


As of this writing, the company was able to develop permanent patches for versions 11.1 and 12.0 of ADC. It has also determined a date for other versions including 12.1, 13 and 10.5. According to InfoSecurity Magazine, the mitigating updates would be released on January 24.

Meanwhile, Citrix representatives have urged customers to install these patches. In a statement, Fermin Serna of Citrix said that “the fixes are for the indicated versions only.” This means that customers who have multiple systems with different ADC versions would need to use the respective patches.

The company has also prepared a fix for SD-WAN WANOP, which will also be released on January 24.
