Critical Vulnerability in Citrix Could Affect Numerous Enterprises
upstart writes in with an IRC submission for Anonymous_Coward:
Critical Vulnerability In Citrix Could Affect Numerous Enterprises:
A security researcher from Positive Technologies, Mikhail Klyuchnikov, discovered a serious security bug in Citrix products. Specifically, he found the vulnerability affecting the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).
As stated in a post, exploiting the flaw could allow an attacker to directly access the target firm's local network without the need to compromise other accounts.
Upon finding the flaw, the researchers informed Citrix of the matter who also acknowledged their findings. Elaborating the vulnerability CVE-2019-19781 in an advisory, they stated,
A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.
The bug affected all supported builds of Citrix ADC and Citrix Gateway versions 11.1, 12.0, 12.1, and 13.0. Furthermore, it also affected all supported builds for Citrix NetScaler ADC and NetScaler Gateway version 10.5.
[...] For now, Citrix has advised mitigation steps for users to avoid potential exploit. Addressing the vulnerability in a separate post, vendors have detailed the configurations to address the bug.
Read more of this story at SoylentNews.