Threat Intelligence: Citrix NetScaler (CVE-2019-19781)

Threat Intelligence (CRITICAL UPDATE): As reported on 17 December 2019, a vulnerability has been identified in Citrix NetScaler ADC and Citrix NetScaler Gateway that could allow an unauthenticated attacker to execute arbitrary code.

Citrix released an Advisory (CVE-2019-19781) on the day of the announcement, comprising mitigation steps (rather than a security update) that can help guard against the possibility of attack. On 19 January 2020, Citrix began to release fixes (see below). However, many organisations have yet to apply the update and, with active exploit code now circulating on the internet, they remain at critical risk.


**IMPORTANT**

Malicious actors have successfully compromised numerous organisations, deploying various payloads once exploitation occurs. Compromised systems cannot be remediated by applying the fix. Once malicious actors establish a foothold on an affected device, their presence remains even though the original attack vector has been closed. Full information on this security update can be found here: https://www.ncsc.gov.uk/news/citrix-alert


CyberOne recommends installing the latest updates as soon as practicable and following the vendor’s mitigation advice immediately.

Fixes for all affected ADC versions: https://www.citrix.com/downloads/citrix-adc/

Fixes for all affected Gateway versions: https://www.citrix.com/downloads/citrix-gateway/

Fixes for all affected SD-WAN models: https://www.citrix.com/downloads/citrix-sd-wan/




About CyberOne

CyberOne is a specialist Cyber Security and IT Managed Service Provider, supporting clients 24x7 from our ISO27001-accredited UK Security Operations Centre (SOC). Located at the heart of a high-security, controlled-access Tier 3 data centre, CyberOne's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts and disrupts hacker behaviour as part of a multi-layered security defence to help secure some of the UK’s leading organisations.