Citrix ships patches as vulnerable servers come under attack
Cyber Security

Citrix ships patches as vulnerable servers come under attack

Citrix has issued its first set of fixing a nasty vulnerability that’s been hanging over some of its biggest products.

The flaw, identified as CVE-2019-19781 on 17 December 2019, affected Citrix’s Application Delivery Controller (ADC) load and application balancer, and the Citrix Gateway Virtual Private Network (VPN) appliance (previously known as the NetScaler ADC or NetScaler Gateway).

Citrix was vague about what the flaw might allow an attacker to do beyond saying that it “could allow an unauthenticated attacker to perform arbitrary code execution.”

However, it’s been clear from the start that it was serious, an impression reinforced by speculation (based on analysis of Citrix’s proposed mitigations) that the issue allows directory traversal, that is offering attackers a way to access to restricted directories without having to authenticate.

That’s potentially disastrous – the Citrix Gateway, for example, is used to enable VPN remote access so an attacker able to crawl into a network through that route could exploit that in numerous horrible ways.

You might also like

Google Launches Cybersecurity Career Certificate Program

ChatGPT Emerges as Key AI Tech for Security Vendors

Hackers Use HTML Smuggling To Distribute Malware by E-mail

5 safety tips to follow while making digital payment transactions

Leave A Reply

Your email address will not be published.