April 2, 2020
Threat Intelligence (CRITICAL UPDATE)
Previously reported on 17 December 2019, a vulnerability has been identified in Citrix NetScaler ADC and Citrix NetScaler Gateway which could allow an unauthenticated attacker to perform arbitrary code execution.
Citrix released an Advisory (CVE-2019-19781) on the day of the announcement, comprising mitigation steps (rather than a security update) that can help guard against the possibility of attack. On 19 January 2020, Citrix began to release fixes (see below). However, many organisations are yet to apply the update, and with active exploit code now circulating on the internet, organisations remain at critical risk.
**IMPORTANT**
Malicious actors have successfully compromised numerous organisations, deploying various payloads once exploitation has taken place. Compromised systems cannot be remediated by applying the fix. Once malicious actors establish a foothold on an affected device, their presence remains even though the original attack vector has been closed. Full information on this security update can be found here: https://www.ncsc.gov.uk/news/citrix-alert
CyberOne recommends installing the latest updates as soon as practicable and following the vendor mitigation advice immediately.
- Fixes for all affected ADC versions: https://www.citrix.com/downloads/citrix-adc/
- Fixes for all affected Gateway versions: https://www.citrix.com/downloads/citrix-gateway/
- Fixes for all affected SD-WAN models: https://www.citrix.com/downloads/citrix-sd-wan/