Categories: Computer Securitycyber securityVulnerability

Hackers Scanning for Citrix Servers Vulnerable to Remote Code Execution

Researchers spotted active scans targeting Application Delivery Controller and Citrix Gateway to exploit Critical Vulnerability CVE-2019-19781.

This vulnerability can be exploited remotely, successful exploitation allows an unauthenticated attacker to perform arbitrary code execution.

The vulnerability was discovered by Mikhail Klyuchnikov, it may create a serious threat for organizations deployed with Citrix Application Delivery Controller and gateway.

Active Scans Spotted

SANS Technology Institute Dean of Research, Johannes B. Ullrich, spotted active scans through honeypot logs. The good news is that no exploits are being used.

Johannes said that the scans are not sophisticated, as they have some of the errors. He also said that “the attackers were able to create a code execution exploit.”

Multiple requests were spotted started from the basic level to some dangerous requests. The requests don’t trigger the exploit as it’s parts are missing, but they hit the vulnerable URLs.

Another researcher Kevin Beaumont said that active exploitation for the vulnerability is starting up.

According to Citrix advisory the vulnerability affects following product versions platforms.

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Citrix not released any patches, but suggested configuration changes to mitigate the execution vulnerability.

Citrix believed to be used in more than 80,000 companies around the globe, successful exploitation of the vulnerability allows an unauthenticated attacker to access internal company applications.

Citrix strongly urges affected customers to immediately apply the provided mitigation. Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: citrixcitrix gatewayVulnerability
5 years ago

Recent Posts

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome extensions,…

19 hours ago

ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands

In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of…

23 hours ago

NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours

NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive disruption…

1 day ago

Apple Agrees to $95M Settlement Over Siri Privacy Lawsuit

Apple Inc. has agreed to pay $95 million to settle a proposed class-action lawsuit alleging…

1 day ago

iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data

 A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among…

1 day ago

PoC Exploit Released For Critical Windows LDAP RCE Vulnerability

The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as…

2 days ago