Security News > 2020 > January > Citrix Accelerates Patch Rollout For Critical RCE Flaw
Citrix has quickened its rollout of patches for a critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products, on the heels of recent proof-of-concept exploits and skyrocketing exploitation attempts.
While Citrix originally said some versions would get a patch Jan. 31, it has now also shortened that timeframe, saying fixes are forthcoming on Jan 24.
Citrix patched Citrix ADC and Citrix Gateway version 11.1 and 12 on Jan. 19 - a day earlier than it had expected to.
"CISA strongly recommends users and administrators update Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP once the appropriate firmware updates become available," according to a Monday CISA alert on the patches.
"The fixed builds can be downloaded from Citrix Downloads pages for Citrix ADC and Citrix Gateway. Until the appropriate update is accessible, users and administrators should apply Citrix's interim mitigation steps for CVE-2019-19781."
News URL
https://threatpost.com/citrix-patch-rollout-critical-rce-flaw/152041/
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |