Security News > 2020 > January > Citrix Accelerates Patch Rollout For Critical RCE Flaw
Citrix has quickened its rollout of patches for a critical vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products, on the heels of recent proof-of-concept exploits and skyrocketing exploitation attempts.
While Citrix originally said some versions would get a patch Jan. 31, it has now also shortened that timeframe, saying fixes are forthcoming on Jan 24.
Citrix patched Citrix ADC and Citrix Gateway version 11.1 and 12 on Jan. 19 - a day earlier than it had expected to.
"CISA strongly recommends users and administrators update Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP once the appropriate firmware updates become available," according to a Monday CISA alert on the patches.
"The fixed builds can be downloaded from Citrix Downloads pages for Citrix ADC and Citrix Gateway. Until the appropriate update is accessible, users and administrators should apply Citrix's interim mitigation steps for CVE-2019-19781."
News URL
https://threatpost.com/citrix-patch-rollout-critical-rce-flaw/152041/
Related news
- Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical ServiceNow RCE flaws actively exploited to steal credentials (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical Progress WhatsUp RCE flaw now under active exploitation (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |