Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole
2020-02-06 21:42

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.

Positive Technologies today estimated that thousands of companies remain open to the takeover vulnerability in Citrix ADC and Gateway.

"Overall, the vulnerability is being fixed quickly, but 19 per cent of companies are still at risk. The countries with the greatest numbers of vulnerable companies currently include Brazil, China, Russia, France, Italy, and Spain," Positive reports.

Considering how many machines remain exposed to vulnerabilities that are months or even years old, having 80 per cent of all boxes in the wild patched in under two months is to be commended.

That said, the remaining 20 per cent of internet-facing machines should get patched ASAP, especially as there are now plug-and-play exploits being used in the wild.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/06/citrix_boxes_patched/

Related Vulnerability

Date: 2019-12-27
CVE: CVE-2019-19781
Vulnerability title: Path Traversal vulnerability in Citrix products
Description: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
Vector: network, low complexity
Vendor: citrix
CWE: CWE-22
Risk: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213