Rewterz Threat Alert – Snake Ransomware Targeting Business Networks
January 8, 2020Rewterz Threat Alert – Cryptocurrency Business Continued to be Targeted by Lazarus
January 8, 2020Rewterz Threat Alert – Snake Ransomware Targeting Business Networks
January 8, 2020Rewterz Threat Alert – Cryptocurrency Business Continued to be Targeted by Lazarus
January 8, 2020Severity
High
Analysis Summary
Ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781
If exploited, it could allow an unauthenticated remote attacker to access private network resources and execute arbitrary code on vulnerable systems. This attack does not require access to any accounts, and therefore can be performed by any external attacker.
This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources on the company’s internal network from the Citrix server.
Impact
Arbitrary code execution
Affected Vendors
Citrix
Affected Products
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Remediation
Citrix has released a set of mitigation measures which can be implemented and recommends recommends all impacted customers to apply them as soon as possible.