Researchers have warned that cyberattackers are carrying out scans to find Citrix servers susceptible to a serious security fault in ADC and Gateway products.
Revealed in December, the critical flaw, tracked as CVE-2019-19781, affects the Citrix Application Delivery Controller (ADC) alongside Citrix Gateway, previously called NetScaler Gateway.
Investigators have assessed that at least 80,000 organizations in 158 countries are users of ADC and could, therefore, be vulnerable. Corporations in the firing line are largely based in the US, almost 38 percent, in addition to the UK, Germany, the Netherlands, and Australia.
“Depending on specific configuration, Citrix applications can be used for connecting to workstations and critical business systems (including ERP),” Positive Technologies says. “In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked. This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources of the company’s internal network from the Citrix server.”
As per reliable reports, cybersecurity investigators have noticed a hike in scans for Citrix servers possibly vulnerable to the bug.
It does not seem that any public exploit code is being extensively used. A patch has yet to be issued for the issue but Citrix has issued extenuation guidelines in the interim. The company suggests that IT administrations run a set of commands to adapt responder policies.
“Citrix strongly urges affected customers to immediately apply the provided mitigation. Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released,” Citrix says.
In March last year, Citrix revealed a security breach triggered by weak account credentials in a method used as password spraying. Threat actors managed to access internal networks and download private business documents.