Wednesday, January 29, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityCritical Vulnerability in Citrix Products Let Hackers Access to 80,000 Companies Internal...

Critical Vulnerability in Citrix Products Let Hackers Access to 80,000 Companies Internal Network

CVE/vulnerabilityNetwork SecurityTraining

Published on

By Balaji
Critical Vulnerability in Citrix Products Let Hackers Access to 80,000 Companies Internal Network

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

A researcher discovered a critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) & Citrix Gateway (NetScaler Gateway) let external hackers access to the company’s local network remotely.

Experts believe that at least 80,000 companies could have affected around the globe including the United States with over 38 percent of all vulnerable organizations, the UK, Germany, the Netherlands, and Australia.

The Delivery Controller is the server-side component that is responsible for managing user access, plus brokering and optimizing connections.  Controllers also provide the Machine Creation Services that create desktop and server images.

The vulnerability can be tracked as CVE-2019-19781, and the vulnerability severity is “high” which creates a serious threat to the organization deployed with Citrix Application Delivery Controller and gateway.

 This vulnerability affects all supported versions of the product, and all supported platforms, including the following:

  • Citrix ADC and Citrix Gateway 13.0
  • Citrix ADC and NetScaler Gateway 12.1
  • Citrix ADC and NetScaler Gateway 12.0
  • Citrix ADC and NetScaler Gateway 11.1
  • Citrix NetScaler ADC and NetScaler Gateway 10.5.

According to Positive Technologies report, The vulnerability affects the company depends on the specific configuration, and it allows any unauthorized attacker to not only access published applications but also attack other resources of the company’s internal network from the Citrix server,

According to Dmitry Serebryannikov from PT, “Citrix applications are widely used in corporate networks. This includes their use for providing terminal access of employees to internal company applications from any device via the Internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat,” 

Citrix security bulletin Report said CTX267027: A vulnerability in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that could lead to arbitrary code execution.”

To avoid such attacks, companies are recommended to use web application firewalls.

Also Read: Unpatched Dropbox for Windows Zero-Day Bug Let Hackers get SYSTEM Privileges

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cyber Security News

Vulnerability in Airline Integration Service enables A Hacker to Gain Entry To User Accounts

A recent security vulnerability in a widely used airline integration service has exposed millions...
Cyber Security News

Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities

In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system,...
CVE/vulnerability

PoC Exploit Released for Critical Cacti Vulnerability Let Attackers Code Remotely

A critical vulnerability in the Cacti performance monitoring framework tracked as CVE-2025-22604, has been...
Cyber Security News

TorNet Backdoor Exploits Windows Scheduled Tasks to Deploy Malware

Cisco Talos researchers have identified an ongoing cyber campaign, active since mid-2024, deploying a...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

CVE/vulnerability

PoC Exploit Released for Critical Cacti Vulnerability Let Attackers Code Remotely

A critical vulnerability in the Cacti performance monitoring framework tracked as CVE-2025-22604, has been...
CVE/vulnerability

Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access

A critical authentication vulnerability in Fortinet's FortiGate SSL VPN appliance tracked as CVE-2024-55591, has been...
Chrome

Chrome Security Update – Patch for 3 High-Severity Vulnerabilities

Google has released a critical update for the Chrome browser, addressing three high-severity security...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved