January 13, 2020, updated 14 Jan 2020 12:46pm

Citrix Gateway Vulnerability: Exploits Proliferate, as Experts say Gov’t Agencies Exposed

"Countless high value targets across a swath of verticals including finance, government, and healthcare"

By CBR Staff Writer

Customers turned to Citrix Gateway for security: the company says it provides “secure access and single sign-on to all the virtual, SaaS and web applications they need to be productive.” Now the tool itself is vulnerable to a critical and “trivial to exploit” vulnerability that remains unpatched, nearly a month after being disclosed.

Exploits are now in the public domain, and security experts say that among 50,000+ potentially exposed users, they have identified scores of sensitive domains vulnerable to attack, including 351 distinct names containing .gov: predominately in the UK and Australia. (Citrix says users need to take manual steps to mitigate, and has published a guide.)

As Tripwire’s Craig Young writes: “The list contains countless high value targets across a swath of verticals including finance, government, and healthcare.”

Florida-based Citrix says it will have firmware updates across all supported versions of Citrix ADC and Citrix Gateway between January 20 and January 31.


Positive Technologies, which first reported the vulnerability, said: “Citrix applications can be used for connecting to workstations and critical business systems (including ERP). In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked. This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources of the company’s internal network from the Citrix server.”

Citrix Gateway Vulnerability

The vulnerability, CVE-2019-1978, affects Citrix Application Delivery Controller, previously NetScaler ADC, and Citrix Gateway, previously NetScaler Gateway.

It was first disclosed on December 17 by Citrix, which acknowledged that both products have a critical security vulnerability that could allow an unauthenticated attacker to remotely execute code on the vulnerable gateways. (The CVE does not yet have a CVSS score: Positive Technologies expects it to be a full fat 10: the highest possible).

Those who haven’t mitigated the Citrix Gateway vulnerability may already be in trouble: security firm TrustedSec said: “We are aware of large scanning efforts already occurring across the globe in an effort to map… for this specific vulnerability.”

Sysadmins who haven’t applied the mitigation should do so urgently. (The workarounds, as TrustedSec notes, are focused on “eliminating directory traversals in general and restricting access to the VPNs folder, which contains scripts that allow files to be written (in a specific format) to later be called for remote code execution.”)
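A defender-side check built on the two focus points of the workaround quoted above, as an added example that is not from Citrix, TrustedSec or the original article: it scans web access logs for requests that combine a directory traversal with the VPNs folder, including percent-encoded and double-encoded dots. The folder name `vpns`, the log format, the file names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2020:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.9 - - [12/Jan/2020:10:01:05 +0000] "GET /a/../vpns/example-placeholder HTTP/1.1" 200 90
203.0.113.4 - - [12/Jan/2020:10:02:11 +0000] "POST /a/%2e%2e/vpns/example-placeholder HTTP/1.1" 200 12
203.0.113.4 - - [12/Jan/2020:10:02:40 +0000] "GET /a/%252e%252e/vpns/example-placeholder HTTP/1.1" 403 0
192.0.2.15 - - [12/Jan/2020:10:03:00 +0000] "GET /docs/v..2/readme.txt HTTP/1.1" 200 40
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
PROTECTED_DIR = "vpns"  # assumed on-disk name of the "VPNs folder" in the article


def decode_fully(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots are also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def classify(path):
    """Return the set of reasons a request path deserves review."""
    segments = decode_fully(path.split("?", 1)[0]).lower().split("/")
    reasons = set()
    if ".." in segments:  # whole-segment match, so "v..2" is not flagged
        reasons.add("traversal")
    if PROTECTED_DIR in segments:
        reasons.add("protected-dir")
    return reasons


def scan(log_text):
    """Return (client, raw path, status) for requests that traverse into the folder."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, path, status = m.groups()
        if classify(path) == {"traversal", "protected-dir"}:
            hits.append((client, path, int(status)))
    return hits
```

The status code is kept in each hit so responders can separate requests the gateway refused from ones it answered.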
