CVE-2019-19781

Published: 27/12/2019 Updated: 08/01/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Affected Products

Vendor | Product | Versions
Citrix | Application Delivery Controller Firmware | 10.5, 11.1, 12.0, 12.1, 13.0
Citrix | Gateway Firmware | 13.0
Citrix | Netscaler Gateway Firmware | 10.5, 11.1, 12.0, 12.1

Vendor Advisories

A vulnerability has been identified in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. The scope of this vulnerability includes Citrix ADC and Citrix Ga ...

Mailing Lists

Citrix Application Delivery Controller and Citrix Gateway remote code execution proof of concept exploit ...
This is an nmap nse script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway ...
This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5 ...
Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit ...
This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload ...

Metasploit Modules

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.

msf > use exploit/linux/http/citrix_dir_traversal_rce
msf exploit(citrix_dir_traversal_rce) > show targets
    ...targets...
msf exploit(citrix_dir_traversal_rce) > set TARGET < target-id >
msf exploit(citrix_dir_traversal_rce) > show options
    ...show and set options...
msf exploit(citrix_dir_traversal_rce) > exploit

Citrix ADC (NetScaler) Directory Traversal Scanner

This module exploits a directory traversal vulnerability (CVE-2019-19781) within Citrix ADC (NetScaler). It requests the smb.conf file located in the /vpns/cfg directory by issuing the request /vpn/../vpns/cfg/smb.conf. It then checks if the server is vulnerable by looking for the presence of a "[global]" directive in smb.conf, which this file should always contain.

msf > use auxiliary/scanner/http/citrix_dir_traversal
msf auxiliary(citrix_dir_traversal) > show actions
    ...actions...
msf auxiliary(citrix_dir_traversal) > set ACTION < action-name >
msf auxiliary(citrix_dir_traversal) > show options
    ...show and set options...
msf auxiliary(citrix_dir_traversal) > run

Github Repositories

Here is a list of useful information about threats using the covid19 theme.

Gather a list of Citrix appliances in a country / state pair, and check if they're vulnerable to CVE-2019-19781

This is a repository with links Python for Web Application

Create Links TO-DO Methodologies Development HTTP Best Practices Organize File and Index

URL collection from browsing twitter

Stage 1.5: Weapon accumulation

goby vulnerability-research

Collection of CMS and middleware vulnerability detection and exploitation tools, since 2019-9-15

CVE-2019-0193 RCE

Red team operations execution manual

Recent Articles

Threat Landscape Trends – Q1 2020
Symantec Threat Intelligence Blog • Critical Attack Discovery and Intelligence Team • 09 Jun 2020

A look at the cyber security trends from the first three months of 2020.

Towards the end of the first quarter of 2020, we took a look through telemetry from our vast range of data sources and selected some of the trends that stood out.

From COVID-19-themed malicious email and BEC scams to vulnerability exploits and IoT attacks, let’s take a q...

Business services giant Conduent allegedly hit by Maze Ransomware
BleepingComputer • Lawrence Abrams • 04 Jun 2020

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.
Conduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47 billion.
Today, Maze Ransomware posted a new entry to their data leak site that states that they breached the network for Conduent in May 2020.
When conducting an attack, the Maze ...

US govt shares list of most exploited vulnerabilities since 2016
BleepingComputer • Sergiu Gatlan • 12 May 2020

US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019.
Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader US Government issued the AA20-133A alert through the National Cyber Awareness System to make it easier for organizations from the public and private sector to prioritize patching in their environments.
"The...

Surprise surprise! Hostile states are hacking coronavirus vaccine research, warn UK and USA intelligence
The Register • Gareth Corfield • 05 May 2020

Just ask us if you need help, urge NCSC and CISA

Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning.
The National Cyber Security Centre (NCSC) and America’s Cybersecurity and Infrastructure Security Agency (CISA) cautioned of a “password spraying” campaign targeting healthcare and medical research organisations.
Hostile countries are also said to be abusing a specific Citrix vulnerability ...

Google: We've blocked 126 million COVID-19 phishing scams in the last week
The Register • Paul Kunert • 17 Apr 2020

240 million daily virus themed spams as 'bad actors' feed on people's fear

In the past week, some 18 million COVID-19 phishing emails were sent via Gmail to unsuspecting marks, according to Google.
"No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19," said Neil Kumaran, products manager for Gmail, and Sam Lugani, lead security PMM, G Suite and CP platform, today.
The pair said phishing is still the "most effective method" that scammers deploy to compromise accounts and grab data and resources f...

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
Threatpost • Lindsey O'Donnell • 25 Mar 2020

Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.”
Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Researchers said it’s unclear if APT41 attempted exploitation en ma...

Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks
BleepingComputer • Sergiu Gatlan • 25 Mar 2020

The Chinese state-sponsored group APT41 has been at the helm of a range of attacks that used recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.
It is not known if the campaign that started in January 2020 was designed to take advantage of companies having to focus on setting up everything needed by their remote workers while in COVID-19 lockdown or quarantine but, as FireEye resea...

UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers
BleepingComputer • Sergiu Gatlan • 20 Mar 2020

Finastra, a leading financial technology provider from the UK, announced that it had to take several servers offline following a ransomware attack detected earlier today.
The fintech company provides financial software and services to more than 9,000 customers of all sizes from 130 countries across the globe, including 90 of the top 100 banks globally.
Finastra also has over 10,000 employees working from 42 offices, including London, New York, and Toronto, and a $1.9 billion in re...

The Week in Ransomware - February 28th 2020 - Data Leaks Everywhere
BleepingComputer • Lawrence Abrams • 28 Feb 2020

Over the past two weeks, we continue to see small towns, fire departments, hospitals, and companies being attacked by ransomware.
As more ransomware operators adopt the technique of stealing data and publishing it on data leak sites, organizations face increased pressure to declare data breaches after a ransom attack.
More than ever, organizations need to tighten the security on their network to avoid compromise as ransomware attacks no longer just affect the attacked companies, but ...

DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw
BleepingComputer • Sergiu Gatlan • 26 Feb 2020

Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability.
Bretagne Télécom is a privately held French cloud hosting and enterprise telecommunications company that provides telephony, Internet and networking, hosting, and cloud computing services to roughly 3,000 customers, operating around 10,000 managed servers.
In their case, it's a story ...

Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole
The Register • Shaun Nichols in San Francisco • 06 Feb 2020

Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.
Positive Technologies today estimated that thousands of companies remain open to the takeover vulnerability in Citrix ADC and Gateway. A successful exploit would give hackers a foothold in a compromised network.
The infosec biz, whose researchers discovered and disclosed the vulnerability in December of last year, has bee...

The Week in Ransomware - January 31st 2020 - Taking it to The Courts
BleepingComputer • Lawrence Abrams • 31 Jan 2020

This week we saw victims continuing to use the legal system to target ransomware operators' assets and services as well as a new ransomware targeting vulnerabilities.
The most interesting news is how victims are utilizing the legal system to freeze or get injunctions against the assets and services used by ransomware operators. This was seen in the previous Southwire lawsuit against Maze and this week with a UK judge freezing the ransomware wallet for Bitpaymer.
Also of interest, we...

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender
BleepingComputer • Lawrence Abrams • 28 Jan 2020

A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
Last week, FireEye released a report about new attacks exploiting the now patched Citrix ADC vulnerability to install the new Ragnarok Ransomware on vulnerable networks.
When attackers are able to compromise a Citrix ADC device, various scripts would be downloaded and executed that scan for Windows computers vulnerable to...

City of Potsdam Servers Offline Following Cyberattack
BleepingComputer • Sergiu Gatlan • 24 Jan 2020

The City of Potsdam severed the administration servers' Internet connection following a cyberattack that took place earlier this week. Emergency services including the city's fire department are fully operational and payments are not affected.
Potsdam is the largest city and the capital of the German federal state of Brandenburg, bordering the German capital, Berlin.
The systems of the Brandenburg capital are still offline after the unauthorized access to the Potsdam administration's se...

Citrix Releases Final Patch as Ransomware Attacks Ramp Up
BleepingComputer • Sergiu Gatlan • 24 Jan 2020

Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.
"Today, we released the permanent fix for Citrix Application Delivery Controller (ADC) version 10.5 to address the CVE-2019-19781 vulnerability," Citrix's CISO Fermin J. Serna says.
"We have now released permanent fixes for all supported versions of ADC, Gate...

The Week in Ransomware - January 24th 2020 - Duck for Cover!
BleepingComputer • Lawrence Abrams • 24 Jan 2020

Ransomware continues its onslaught against cities, the enterprise, and even houses of worship as threat actors attempt to encrypt as much as they can to earn big payouts.
The publishing of stolen data to get victims to pay has also been a theme this week, with both Maze and Sodinokibi releasing victims data for not paying.
We also saw a bunch of new variants being released into the wild, including the threat actors exploiting the Citrix ADC vulnerability to install the new Ragnarok ...

Still losing sleep over that awful Citrix bug? This scanner is here to help... you realize you've already been pwned
The Register • Shaun Nichols in San Francisco • 23 Jan 2020

Handy FireEye tool roots out indicators of compromise

Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only patched on Monday.
The free application, shared under the Apache 2.0 open-source license, will scan devices for indications of compromise for the so-called "Shitrix" arbitrary code execution vulnerability in Citrix's Application Delivery Controller and Gateway products. The tool can be run on any Citr...

PoC Exploits Do More Good Than Harm: Threatpost Poll
Threatpost • Lindsey O'Donnell • 22 Jan 2020

When it comes to the release of proof-of-concept (PoC) exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll.
Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a “good idea” to publish PoC code for zero days. Up to 38 percent of respondents, meanwhile, argued it wasn’t a good idea.
The debate comes on the heels of PoC code being released last we...

Citrix Releases Scanner to Detect Hacked Citrix ADC Appliances
BleepingComputer • Sergiu Gatlan • 22 Jan 2020

Citrix released a free scanner for detecting compromised Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances by digging for indicators of compromise (IoC) collected in incident response engagements related to CVE-2019-19781 exploitation.
The tool was developed in collaboration with FireEye and it is designed to be used locally to scan their organization's Citrix instances, one appliance at a time, to get assessments of potential indications of co...

Citrix Accelerates Patch Rollout For Critical RCE Flaw
Threatpost • Lindsey O'Donnell • 21 Jan 2020

Citrix has quickened its rollout of patches for a critical vulnerability (CVE-2019-19781) in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products, on the heels of recent proof-of-concept exploits and skyrocketing exploitation attempts.
Several versions of the products still remain unpatched – but they will be getting a patch sooner than they were slated to. While Citrix originally said some versions would get a patch Jan. 31, it has now also shortened that timefr...

As miscreants prey on thousands of vulnerable boxes, Citrix finally emits patches to fill in hijacking holes in Gateway and ADC
The Register • Gareth Corfield • 20 Jan 2020

SD-WAN WANOP will have to wait a few days, though

Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open for later exploitation.
As previously reported, vulnerabilities in Citrix Application Delivery Encoder and Citrix Gateway could allow remote attackers to carry out unauthenticated code execution.
In other words, baddies not on your network could get into it and start running all kinds of malicious soft...

Citrix Patches CVE-2019-19781 Flaw in Citrix ADC 11.1 and 12.0
BleepingComputer • Sergiu Gatlan • 19 Jan 2020

Citrix released permanent fixes for the actively exploited CVE-2019-19781 vulnerability impacting Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances and allowing unauthenticated attackers to perform arbitrary code execution.
"Permanent fixes for ADC versions 11.1 and 12.0 are available as downloads here and here," Citrix's CISO Fermin J. Serna says in an update published today.
"These fixes also apply to Citrix ADC and Citrix Gateway ...

'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind
The Register • Shaun Nichols in San Francisco • 17 Jan 2020

Congratulations, you've won a secret backdoor

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.
Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to get access to the server, kill any existing malware, set up their own backdoor, then block off the vulnerable code from future exploit attempts by mitigation.

Hackers Are Securing Citrix Servers, Backdoor Them for Access
BleepingComputer • Sergiu Gatlan • 17 Jan 2020

An unknown threat actor is currently scanning for and securing vulnerable Citrix ADC servers against CVE-2019-19781 exploitation attempts, while also backdooring them for future access.
The actor deploys a payload dubbed NOTROBIN by FireEye researchers who discovered this campaign, an implant designed to clean the Citrix ADC appliances of malware strains known to target such devices and to mitigate the CVE-2019-19781 flaw to block subsequent exploitation efforts.
NOTROBIN also plants...

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit
The Register • Shaun Nichols in San Francisco • 16 Jan 2020

Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. If you haven't taken mitigation steps by now, you're about to have a bad time.
While IT admins can use the proof-of-concept exploit code to check their own systems are secure, miscreants can use them to, in the case of Citrix, hijack remote systems, or in the case of Windows, masquerade malware as legit apps or potentially ...

Unpatched Citrix Flaw Now Has PoC Exploits
Threatpost • Lindsey O'Donnell • 13 Jan 2020

Proof-of-concept (PoC) exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
The vulnerability (CVE-2019-19781), which Threatpost reported on in December, already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit, and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to impr...

If you haven't shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available
The Register • Shaun Nichols in San Francisco • 13 Jan 2020

Plus: TikTok clocked, Honey in a sticky situation, Arm's PAN mechanisms sidestepped

Welcome to another Register security roundup. Here are a few stories that caught our eye.
Late last month Citrix disclosed a critical security hole (CVE-2019-19781) in both its Application Delivery Controller and Unified Gateway (formerly known as Netscaler ADC and Netscaler Gateway) offerings. Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.
Those admins who haven't put mitigations in place by now will want to make su...

CISA Releases Test Tool for Citrix ADC CVE-2019-19781 Vulnerability
BleepingComputer • Sergiu Gatlan • 13 Jan 2020

DHS CISA released a public domain tool designed to help security staff to test if their organizations are vulnerable to ongoing attacks that might target the CVE-2019-19781 security flaw impacting the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) products.
"The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (AD...

The Week in Ransomware - January 10th 2020 - Now Data Breaches
BleepingComputer • Lawrence Abrams • 11 Jan 2020

This week we have seen new ransomware operators targeting businesses, stolen data published, and the Sodinokibi Ransomware being confirmed as behind the Travelex cyber attack.
Ransomware operators targeting the enterprise and stealing data before encrypting computers is the new normal and businesses need to start changing how they react to these types of attacks.
Instead of hiding ransomware attacks, victims will need to be transparent, treat the attacks like data breaches, file g...

Citrix ADC CVE-2019-19781 Exploits Released, Fix Now!
BleepingComputer • Lawrence Abrams • 11 Jan 2020

Numerous working exploits for the Citrix ADC (NetScaler) CVE-2019-19781 vulnerability are finally here and have been publicly posted in numerous locations. There is no patch available for this vulnerability, but Citrix has provided mitigations, which should be applied now!
If successfully exploited, this vulnerability allows unauthenticated users to utilize directory traversal to perform arbitrary code execution.
Since late December, we have been reporting and security professionals...

Attackers Are Scanning for Vulnerable Citrix Servers, Secure Now
BleepingComputer • Sergiu Gatlan • 08 Jan 2020

Security researchers have observed ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781 during the last week.
This vulnerability impacts multiple Citrix products and it could potentially expose the networks of over 80,000 firms to hacking attacks according to a Positive Technologies report from December.
As the security outfit said at the time, "at least 80,000 com...

Critical Citrix Bug Puts 80,000 Corporate LANs at Risk
Threatpost • Tara Seals • 26 Dec 2019

Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.
The Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at leas...

Patch now: Published Citrix applications leave networks of 'potentially 80,000' firms at risk from attackers
The Register • Tim Anderson • 23 Dec 2019

Unauthorised users able to perform 'arbitrary code execution'

A critical vulnerability found in Citrix Application Delivery Controller and Citrix Gateway (formerly known as Netscaler ADC and Netscaler Gateway) means businesses with apps published using these technologies may be exposing their internal network to unauthorised access.
Citrix (NetScaler) ADC is a load balancer and monitoring tech, while Unified Gateway provides remote access to internal applications. This can include desktop applications as well as intranet or web applications. "Any app...

Critical Citrix Flaw May Expose Thousands of Firms to Attacks
BleepingComputer • Sergiu Gatlan • 23 Dec 2019

A newly discovered vulnerability impacting the Citrix Application Delivery Controller (NetScaler ADC) and the Citrix Gateway (NetScaler Gateway) could potentially expose the networks of over 80,000 firms to hacking attacks.
The vulnerability, currently tracked as CVE-2019-19781, could allow remote attackers with access to a company's internal network without requiring authentication. 
If successfully exploited, it leads to arbitrary code execution according to Positive Technologi...

Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail
BleepingComputer • Ionut Ilascu

Mitigation recommendations for CVE-2019-19781, a currently unpatched critical flaw affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway, do not have the expected effect on all product versions.
In an updated advisory today, the software company informs that it found a new product that is vulnerable to the same security issue and that the advised actions do not work on some versions of Citrix ADC.
Until patches become available, the company sticks to the original ...

Nation-state hackers are targeting COVID-19 response orgs
BleepingComputer • Sergiu Gatlan

Organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups according to a joint advisory issued today by cyber-security agencies from the US and the UK.
Healthcare bodies, medical research organizations, pharmaceutical companies, academia, and local governments are some examples of organizations currently being targeted by state-backed hacking groups.
"APT actors frequently target organizati...

Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances
BleepingComputer • Sergiu Gatlan

Citrix today patched a set of 11 vulnerabilities found to affect its Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP (appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO) networking products.
According to Citrix, these vulnerabilities are not related to CVE-2019-19781 remote code execution flaw the company patched in January 2020 and do not affect cloud versions of Citrix appliances.
The patches released today by Citrix fully resolve all the security issues, and customers...

Patching the Citrix ADC Bug Doesn't Mean You Weren't Hacked
BleepingComputer • Ionut Ilascu

Citrix on Friday released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its affected appliances. Many organizations are still at risk, though, as they continue to run Citrix servers without a fix or the advised mitigations.
This security flaw is as bad as it can be since it allows unauthenticated attackers to directly access a company’s local network from the internet and run code via directory traversal.
It affects the Citrix Application Delivery Cont...

The Register

Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware.
A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe.
Microsoft ranks highly in the list because its software is widely used, and pro...

Chinese malware used in attacks against Australian orgs
BleepingComputer • Ionut Ilascu

The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.
Behind the attack is a “sophisticated” adversary that relies on slightly modified proof-of-concept exploit code for yesteryear vulnerabilities, the government says. An unofficial blame finger points to China.
Resilient adversary
The attacker targets public-facing infrastructure with remote co...