Citrix Vulnerability Could Allow Attacker to Perform Arbitrary Code Execution

In this challenging time, and with many companies moving to remote workforces, we would like to share some important information concerning a vulnerability in Citrix, as many companies utilize this tool to allow their remote workforce to connect to corporate networks and resources.

The vulnerability, CVE-2019-19781, discovered and published in December 2019, affects the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway. Citrix has advised customers that if this vulnerability is exploited, it could allow an unauthenticated attacker to perform arbitrary code execution.

On January 19, 2020, Citrix began issuing patches for the identified vulnerability and has updated the CVE accordingly. In February, Citrix and Mandiant created a free utility that can be run against a live NetScaler Gateway to identify potential indicators of compromise (IOCs).

Avalon Cyber has assisted several of our clients who have experienced significant security-related events as a result of this threat. Here is a link to more information and the free utility: https://github.com/citrix/ioc-scanner-CVE-2019-19781/blob/master/FAQ.md

Your IT team can run this tool (instructions can be found in the link above) on your Citrix appliance(s) and create a security report. The report will identify any existing IOCs and can be used to remediate any security issues identified.

This is a significant vulnerability and we highly recommend that anyone using these types of Citrix appliances run this tool and perform an internal review. 

And, as always, feel free to contact Avalon Cyber for additional help and support.
