PoC Exploits released for Citrix ADC and gateway RCE Vulnerability
It's now or to never stop your enterprise servers jogging vulnerable variations of Citrix program delivery, load balancing, and Gateway solutions from getting hacked by remote control attackers.
Why the urgency? Today earlier, multiple groupings released weaponized proof-of-idea exploit code [1 publicly, 2] for a lately disclosed remote control code execution vulnerability in Citrix's NetScaler ADC and Gateway items that could allow one to leverage them to consider complete control over potential business targets.
Before the last Xmas and year-end holidays simply, Citrix announced that it's Citrix Application Delivery Controller (ADC) and Citrix Gateway are susceptible to a critical route traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to execute arbitrary code execution in vulnerable servers.
Citrix confirmed that the flaw impacts all supported edition of the program, including:
Citrix and ADC Gateway version 13.0 all supported builds
Citrix NetScaler and ADC Gateway version 12.1 all supported builds
Citrix ADC and NetScaler Gateway edition 12.0 all supported builds
Citrix NetScaler and ADC Gateway version 11.1 all supported builds
Citrix NetScaler and ADC Gateway version 10.5 all supported builds
The company produced the disclose without releasing any security patches for vulnerable software; instead, Citrix provided mitigation to greatly help administrators safeguard their servers against potential remote control attacks-and even at the proper time of writing, there is no patch available almost 23 days after disclosure.
Through the cyberattacks against vulnerable servers that were first observed in the wild the other day when hackers developed private exploit after reverse engineering mitigation information, the general public release of weaponized PoC would today make it easier for low-skilled script kiddies to start cyberattacks against vulnerable organizations.
According to Shodan, in the proper time of writing, there are more than 125,400 Citrix ADC or Gateway servers publicly available and will be exploited overnight in the event that not taken offline or secured using available mitigation.
Yesterday while discussing technical details of the flaw in a weblog post published, MDSsec also released a video demonstration of the exploit they developed but chose not to release it currently.
Besides applying the recommended mitigation, Citrix ADC administrators should monitor their gadget logs for episodes also.