Hackers use system weakness to rattle doors on Citrix systems
2020-01-10 11:02

Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts.

The flaw, CVE-2019-19781, affects the company's NetScaler ADC (Application Delivery Controller) and its Citrix Gateway.

Although Citrix hasn't released details of the bug in its advisory, several researchers have suggested that it is a directory traversal vulnerability that allows someone from the outside to reach a directory that they shouldn't access.

There's no patch for this vulnerability yet, but Citrix has provided some mitigation steps to help protect systems for the time being.

There's also a detection rule for Sigma, a generic signature format for security information and event management (SIEM) systems, that will help detect people trying to hit your Citrix products with an exploit.


News URL

https://nakedsecurity.sophos.com/2020/01/10/hackers-use-system-weakness-to-rattle-doors-on-citrix-systems/

Related Vulnerability

Date: 2019-12-27
CVE: CVE-2019-19781
Vulnerability title: Path Traversal vulnerability in Citrix products
Description: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
Attack vector: network
Attack complexity: low complexity
Vendor: citrix
CWE: CWE-22
Risk: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 115 19 174 75 63 331