On the 17th December 2019, Citrix disclosed that their ADC and Citrix Gateway products, versions 10.5, 11.1, 12.0, 1.1 and 13.0, are all affected by CVE-2019-19781. This vulnerability allows unauthenticated remote code execution: an attacker can execute code without logging in and can then target servers hosted inside your private network behind the Citrix ADC appliance.
Many exploits for CVE-2019-19781 are available on the internet for anyone to use against vulnerable systems. Using these exploits, a malicious user can easily compromise the target system and gain user-level access. The attacker can use additional exploits to take control of the system as the root user on the ADC appliance. For these reasons, the Citrix NetScaler vulnerability CVE-2019-19781 is scored as critical. This vulnerability is very attractive to hackers, and there is evidence of an increasing number of attacks on ADC appliances. Darktrace Cyber AI has detected at least 80 customers with a compromised system. Using CVE-2019-19781, the hackers are exploiting ADC appliances for bitcoin mining. Furthermore, according to experts, an estimated 80,000 or more systems are at risk.
To contribute to the fight against cyber crime and to make the internet safer, iVersion Support has dedicated resources at no cost for our customers and limited support for any Australian business in need of assistance. If you have Citrix Support, you can call them to apply remediation. If you are not able to get timely support from Citrix, please feel free to call our support team to implement the remediation mentioned in the Citrix support thread at no cost.
iVersion Support will perform a scan for CVE-2019-19781 after applying the remediation action to confirm you are not vulnerable. We will provide a scan report confirming the outcome. However, it is crucial to apply the permanent fix for this vulnerability by upgrading your ADC and Gateway appliances when Citrix releases the new build.
Citrix announced that they are going to release a rebuild for the appliance by the end of January 2020. However, in the meantime, it is essential to apply the remediation provided by Citrix Support in this article.
iVersion has always advocated a multi-layered security architecture. From the discovery of CVE-2019-19781 until a few days ago, there was no remediation action available for customers. Even now, customers are waiting for the new build to address the issue adequately. However, the exploits were available for many weeks before the remediation action provided by Citrix on 17th December 2019, which placed many businesses at risk. Even before the public disclosure of CVE-2019-19781, the vulnerability existed and had probably been exploited by cunning hackers. Precisely for this reason, it is crucial to place multiple controls to defend against attacks. One should always assume the controls have flaws and vulnerabilities, even when these vulnerabilities have not been discovered or disclosed. Creating a multi-layered, multi-vendor, defence-in-depth design, especially at your network edge, is the only way to ensure security in today’s volatile cyber environment. Make sure to build a Zero Trust architecture for your information system.
Feel free to call us on 1800 864 868 if you need an extra helping hand. We strongly believe the best way to show the iVersion difference is by extending our support to the broader business community in the time of need.