A critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway), tracked as CVE-2019-19781, could be exploited by attackers to access company networks.
It has been estimated that 80,000 companies in 158 countries are potentially at risk, most of them in the U.S. (38%), followed by the UK, Germany, the Netherlands, and Australia.
The CVE-2019-19781 vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies.
“If that vulnerability is exploited, attackers obtain direct access to the company’s local network from the Internet. This attack does not require access to any accounts, and therefore can be performed by any external attacker,” reads the post published by Positive Technologies.
“Positive Technologies experts determined that at least 80,000 companies in 158 countries are potentially at risk.”
The vulnerability affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.
The expert pointed out that exploiting the vulnerability does not require access to any accounts. For this reason, any external attacker could trigger the issue to achieve unauthorized access to published applications and other internal network resources from the Citrix servers.
Depending on the configuration of the servers, Citrix applications can be used for connecting to workstations and critical business systems. Considering that Citrix applications are accessible on the company network perimeter, the flaw could allow attackers to attack other resources in the internal network from the Citrix server.
“Citrix applications are widely used in corporate networks,” explained Dmitry Serebryannikov, director of the security audit department at Positive Technologies. “This includes their use for providing terminal access of employees to internal company applications from any device via the Internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat.”
Citrix has released measures to mitigate the flaw and recommends updating all vulnerable software versions.
Positive Technologies pointed out that the vulnerability was introduced in the Citrix software in 2014. For this reason, it is also important to detect past exploitation of the flaw.
(SecurityAffairs – Citrix, CVE-2019-19781)