Citrix vulnerability jeopardizes over 80,000 companies globally

  • With 38 percent of the vulnerable networks, companies in the U.S. faced the greatest risk, followed by those in the UK, Germany, the Netherlands, and Australia.
  • Upon exploitation, the attacker would not require any authentication to access any accounts.

Two Citrix products were found to have a critical flaw that threatens the networks of 80,000 companies in 158 countries. With 38 percent of the vulnerable networks, companies in the U.S. faced the greatest risk, followed by those in the UK, Germany, the Netherlands, and Australia.

What is the vulnerability?

Positive Technologies discovered a critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).

  • It could give attackers access to a company's local network and internal access credentials.
  • The easily exploitable vulnerability affects all supported versions of the product and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and Citrix NetScaler ADC and NetScaler Gateway 10.5.

The vulnerability (CVE-2019-19781), though described as critical, has yet to be assigned a CVSS severity rating.

How does it affect companies?

"Citrix applications are widely used in corporate networks," said Dmitry Serebryannikov, director of the security audit department at Positive Technologies.

  • Upon exploitation, the attacker would not require any authentication to access any accounts.
  • Unauthorized access can be further exploited to reach published applications and other internal network resources from the Citrix servers.

Citrix applications are used to give employees terminal access to internal company applications from any device via the Internet. "Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat," Dmitry added.

Mitigation measures

Citrix has partially addressed the security issue by publishing a set of mitigation measures for standalone systems and clusters as part of a knowledge-base article.

"Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released," Citrix commented. It strongly recommends that impacted customers apply fixes as soon as possible.

Meanwhile, Symantec also recommended that companies block external access at the edge of the network and use intrusion detection systems to monitor accessible links. It is not the first time that Citrix has had to deal with a serious security weakness. The FBI, in March, notified the firm that attackers breached its network and downloaded business documents.