Hackers Scan for Vulnerable Citrix ADC Systems
2020-01-10 06:23

Weeks after Citrix revealed a critical vulnerability impacting its Application Delivery Controller and Gateway products, hackers have started to scan the Internet for vulnerable systems, security researchers report.

Now, only three weeks later, security researchers are already observing online scans for vulnerable systems, as well as exploitation attempts targeting CVE-2019-19781.

"In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using ../ directory traversal. So this is in the wild, active exploitation starting up," security researcher Kevin Beaumont said on Twitter.

The source IPs scanning his honeypot are located on the networks of China Mobile, BACloud, CHINA UNICOM Shanghai city network, and OpenIP. Based on the mitigation steps advised by Citrix, exploit attempts are expected to involve a path traversal likely related to the /vpns/ path on Citrix systems, Tripwire security researcher Craig Young notes.

21 days after Citrix published its advisory, fewer than a third of the exposed appliances had the mitigation enabled, with 39,378 of them remaining vulnerable.
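For defenders reviewing their own traffic, the probing pattern described above (a traversal sequence in a request that touches the /vpns/ path) can be searched for in HTTP access logs. The following is an added example, not code from the article or from Citrix; it assumes combined-format access logs from a proxy or load balancer in front of the appliance, and the log lines, IP addresses and file names are constructed.

```python
import re
from urllib.parse import unquote

# Combined log format: client IP first, request line in double quotes.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def normalize(target, max_rounds=3):
    """Drop the query string, percent-decode repeatedly (catches %252e-style
    double encoding), then fold backslashes and case."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def is_traversal_probe(target):
    """True when the decoded path touches /vpns/ and has a '..' path segment."""
    path = normalize(target)
    return "/vpns/" in path and ".." in path.split("/")

def scan(lines):
    """Return (client_ip, raw_target) for every log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal_probe(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2020:06:01:12 +0000] "GET /x/../vpns/example.conf HTTP/1.1" 403 0',
    '198.51.100.8 - - [10/Jan/2020:06:01:15 +0000] "GET /x/%2e%2e/vpns/example.conf HTTP/1.1" 403 0',
    '198.51.100.9 - - [10/Jan/2020:06:01:19 +0000] "GET /x/%252e%252e/VPNS/example.conf HTTP/1.1" 403 0',
    '192.0.2.10 - - [10/Jan/2020:06:02:00 +0000] "GET /vpns/example/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Jan/2020:06:02:04 +0000] "GET /docs/../index.html HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"possible CVE-2019-19781 probe from {ip}: {target}")
```

Matches indicate probing only; whether a request succeeded has to be judged from the response status and the appliance's own state.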


News URL

http://feedproxy.google.com/~r/Securityweek/~3/6WHWwb7uA2Y/hackers-scan-vulnerable-citrix-adc-systems

Related Vulnerability

DATE         CVE              VULNERABILITY TITLE                                RISK
2019-12-27   CVE-2019-19781   Path Traversal vulnerability in Citrix products    critical (9.8)

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network, low complexity, citrix, CWE-22

Related vendor

VENDOR   LAST 12M   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Citrix              118          20    182      79     63         344