Critical security vulnerabilities in Citrix NetScalers.
If you run a Citrix Application Delivery Controller (ADC) and/or Gateway, please note the following information: Exploit code for a “critical” vulnerability (CVE-2019-19781) has been discovered. Scans for vulnerable appliances are also increasing. Unauthenticated attackers can attack devices remotely and run their own code relatively easily. The exploit now makes this attack scenario more realistic, and there is an urgent need to act.
To secure networks, Citrix’s workaround should be implemented immediately, as there is not yet a security patch. Citrix has, however, announced a secure version for the end of January. The workaround can be found here: https://support.citrix.com/article/CTX267679
Workaround cannot reverse damage.
While working on solving the security issue, we came across many appliances that had already been compromised. Once an appliance is compromised, the workaround linked above cannot reverse the damage, and in some circumstances the compromise must also be reported in accordance with the Data Protection Regulation. Whether this is the case can only be ascertained through a forensic investigation of the appliance.
Our advice: Get expert support now!