A vulnerability has been found in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway. This vulnerability allows unauthenticated remote attackers to perform directory traversal and remote code execution. Affected versions are 10.5, 11.1, 12.0, 12.1, and 13.0.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
citrix application_delivery_controller_firmware 10.5 |
||
citrix application_delivery_controller_firmware 11.1 |
||
citrix application_delivery_controller_firmware 12.0 |
||
citrix application_delivery_controller_firmware 12.1 |
||
citrix application_delivery_controller_firmware 13.0 |
||
citrix netscaler_gateway_firmware 10.5 |
||
citrix netscaler_gateway_firmware 11.1 |
||
citrix netscaler_gateway_firmware 12.0 |
||
citrix netscaler_gateway_firmware 12.1 |
||
citrix gateway_firmware 13.0 |
A look at the cyber security trends from the first three months of 2020.
Posted: 9 Jun, 20203 Min ReadThreat Intelligence SubscribeThreat Landscape Trends – Q1 2020A look at the cyber security trends from the first three months of 2020.Towards the end of the first quarter of 2020, we took a look through telemetry from our vast range of data sources and selected some of the trends that stood out. From COVID-19-themed malicious email and BEC scams to vulnerability exploits and IoT attacks, let’s take a quick look at ...
Get our weekly newsletter Am I only dreaming, or is this burning an Eternal Blue?
Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example. Others, however, have not only been long since reported and had patches released, but continue to pose a threat to enterprises. A joint advisory from the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), published in late July, listed the ...
Get our weekly newsletter And you've patched them all, haven't you, diligent readers?
Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer. Tracked as CVE-2019-19781, the vuln has been the subject of repeated patch-i...
Criminal operators emerged from woodwork just as COVID hit the West
The Nefilim ransomware gang might not be the best known or most prolific online extortion crew but their penchant for attacking small numbers of $1bn+ turnover firms is paying off, according tot he latest research. The crew has made comparatively fewer headlines next to better-known criminals such as Darkside, perpetrators of the infamous US Colonial Pipeline attack, but analysis from security shop Trend Micro has shown the crooks appear to be going for big companies in the hope of extracting co...
Same mob promised not to target healthcare facilities
The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources. The Aachener Zeitung newspaper carried a report from the German Press Association (DPA) that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product. That ransomware infection, activated last week, is said by local prosecutors to have led to the death of one patient who ...
Same mob promised not to target healthcare facilities
The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources. The Aachener Zeitung newspaper carried a report from the German Press Association (DPA) that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product. That ransomware infection, activated last week, is said by local prosecutors to have led to the death of one patient who ...
Please just patch your infrastructure, begs US-CISA What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds
Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure. The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran. “CISA and FBI are aware of a widespread campaign from an Iran-based malicious cyber actor targ...
Beijing's snoops don't even need zero-days to break into valuable networks
The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted. In a joint statement, the FBI and Homeland Security's Cybersecurity and Inf...
Eleven flaws cleaned up including one that may be exploited to sling malware downloads Australian PM says nation under serious state-run 'cyber attack' – Microsoft, Citrix, Telerik UI bugs 'exploited'
Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. The bundle includes fixes for one code injection bug, three information disclosure flaws, three elevation of privilege bugs, two cross-site scripting vulnerabilities, one denial-of-service hole, and one authorization-bypass flaw. Affected gear includes the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of any of the bug...
Update, update, update. Plus: Flash, Struts, Drupal also make appearances Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week
Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware. A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe. Microsoft ranks highly in the list because its software is widely used, and provides the mo...
Just ask us if you need help, urge NCSC and CISA Vietnam alleged to have hacked Chinese organisations in charge of COVID-19 response
Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning. The National Cyber Security Centre (NCSC) and America’s Cybersecurity and Infrastructure Security Agency (CISA) cautioned of a “password spraying” campaign targeting healthcare and medical research organisations. Hostile countries are also said to be abusing a specific Citrix vulnerability (CVE-2019-19...
240 million daily virus themed spams as 'bad actors' feed on people's fear ASEAN economic bloc calls for regional fake news crushing co-operation
In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google. "No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19," said Neil Kumaran, products manager for Gmail, and Sam Lugani, lead security PMM, G Suite and CP platform, today. The pair said phishing is still the "most effective method" that scammers deploy to compromise accounts and grab data and resour...
Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked 'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind
Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack. Positive Technologies today estimated that thousands of companies remain open to the takeover vulnerability in Citrix ADC and Gateway. A successful exploit would give hackers a foothold in a compromised network. The infosec biz, whose researchers discovered and disclosed the vulnerability in December of last year, has been heading up...
Handy FireEye tool roots out indicators of compromise As miscreants prey on thousands of vulnerable boxes, Citrix finally emits patches to fill in hijacking holes in Gateway and ADC
Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only patched on Monday. The free application, shared under the Apache 2.0 open-source license, will scan devices for indications of compromise for the so-called "Shitrix" arbitrary code execution vulnerability in Citrix's Application Delivery Controller and Gateway products. The tool can be run on any Citrix ins...
SD-WAN WANOP will have to wait a few days, though
Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open for later exploitation. As previously reported, vulnerabilities in Citrix Application Delivery Encoder and Citrix Gateway could allow remote attackers to carry out unauthenticated code execution. In other words, baddies not on your network could get into it and start running all kinds of malicious software. And th...
Congratulations, you've won a secret backdoor Patch now: Published Citrix applications leave networks of 'potentially 80,000' firms at risk from attackers
Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out. Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to get access to the server, kill any existing malware, set up their own backdoor, then block off the vulnerable code from future exploit attempts by mitigation. Obvious...
Congratulations, you've won a secret backdoor Patch now: Published Citrix applications leave networks of 'potentially 80,000' firms at risk from attackers
Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out. Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to get access to the server, kill any existing malware, set up their own backdoor, then block off the vulnerable code from future exploit attempts by mitigation. Obvious...
Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...
Vid Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. If you haven't taken mitigation steps by now, you're about to have a bad time. While IT admins can use the proof-of-concept exploit code to check their own systems are secure, miscreants can use them to, in the case of Citrix, hijack remote systems, or in the case of Windows, masquerade malware as legit apps or potentially interc...
Plus: TikTok clocked, Honey in a sticky situation, Arm's PAN mechanisms sidestepped
Roundup Welcome to another Register security roundup. Here are a few stories that caught our eye. Late last month Citrix disclosed a critical security hole (CVE-2019-19781) in its Application Delivery Controller and Unified Gateway offerings (VPN products formerly known as Netscaler ADC and Netscaler Gateways). Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend. Those admins who haven't put mitigations in place by now will want to make sure ...
Unauthorised users able to perform 'arbitrary code execution'
A critical vulnerability found in Citrix Application Delivery Controller and Citrix Gateway (formerly known as Netscaler ADC and Netscaler Gateway) means businesses with apps published using these technologies may be exposing their internal network to unauthorised access. Citrix (NetScaler) ADC is a load balancer and monitoring tech, while Unified Gateway provides remote access to internal applications. This can include desktop applications as well as intranet or web applications. "Any applicati...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Yet more pain for the software formerly known as NetScaler
The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller (ADC) and Gateway products that the vendor patched today. Citrix says the flaw, CVE-2022-27518, "could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider (SAML SP, SAML IdP). Unusually, Citrix has a policy of not revealing the Common Vulnerability Scoring System (CVSS) scores for it...
Vulmon