Urgent and Critical Fix for the Citrix Vulnerability Affecting the Networks of 80,000 Companies

Using Citrix ADC or Gateway? Please take urgent steps to protect your network.

According to Positive Technologies, an estimated 80,000 companies in 158 countries are potentially at risk, and over 30,000 of those companies are here in the United States. A vulnerability in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, has been discovered and identified as CVE-2019-19781. Citrix has not yet released a patch, but exploitation can be mitigated with a global Citrix Responder Policy created on the CLI.

DHS CISA has released a Python script for testing your environment for this vulnerability. We tested this script on a network running Citrix NetScaler:

Python39\Scripts>cve-2019-19781.exe citrix.privatedomainname.com
2020-01-13 16:36:53,568 WARNING citrix.privatedomainname.com appears to be vulnerable.

After creating the recommended responder policy:

Python39\Scripts>cve-2019-19781.exe citrix.xiologix.com
2020-01-13 16:48:13,107 INFO citrix.privatedomainname.com does not appear to be vulnerable.
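
When the check is run against several appliances, the before and after results can be compared mechanically. The Python below is an added example, not part of the CISA script or of the original post; it assumes the scanner output was saved as text in the line format shown above, and the host names and function names are made up for illustration.

```python
import re
from datetime import datetime

# Line format taken from the scanner output quoted on this page.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) [A-Z]+ (?P<host>\S+) "
    r"(?P<verdict>appears to be vulnerable|does not appear to be vulnerable)\.$"
)

# Constructed sample: three hypothetical hosts scanned before and after mitigation.
SAMPLE = """\
2020-01-13 16:36:53,568 WARNING adc1.example.test appears to be vulnerable.
2020-01-13 16:37:02,114 WARNING adc2.example.test appears to be vulnerable.
2020-01-13 16:37:09,870 INFO adc3.example.test does not appear to be vulnerable.
2020-01-13 16:48:13,107 INFO adc1.example.test does not appear to be vulnerable.
2020-01-13 16:48:20,391 WARNING adc2.example.test appears to be vulnerable.
2020-01-14 09:00:05,002 WARNING adc3.example.test appears to be vulnerable.
Traceback or other noise is ignored
"""

def parse_line(line):
    """Return (timestamp, host, is_vulnerable), or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
    # Compare the whole verdict phrase: a bare "vulnerable" substring test
    # would also match "does not appear to be vulnerable".
    return ts, m["host"].lower(), m["verdict"] == "appears to be vulnerable"

def mitigation_status(lines):
    """Classify each host by its scan history, judged on the most recent run."""
    history = {}
    for parsed in filter(None, map(parse_line, lines)):
        ts, host, vulnerable = parsed
        history.setdefault(host, []).append((ts, vulnerable))
    status = {}
    for host, runs in history.items():
        verdicts = [v for _, v in sorted(runs)]
        if verdicts[-1]:
            # Latest scan is bad; "regressed" if an earlier scan was clean.
            status[host] = "regressed" if False in verdicts else "still vulnerable"
        else:
            status[host] = "mitigated" if True in verdicts else "never vulnerable"
    return status

if __name__ == "__main__":
    for host, state in sorted(mitigation_status(SAMPLE.splitlines()).items()):
        print(f"{host}: {state}")
```

A host reported as "regressed" or "still vulnerable" should have its responder policy and global binding rechecked on the appliance.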

The day after creating the recommended responder policy, notice the logged hits:

[Image: responder hits]

Citrix plans to release a patch in late January. In the meantime, please subscribe to bulletin alerts to be notified when the new firmware is available and follow Citrix Recommendations for Mitigation.

If you have any questions, Xiologix employs one of the Pacific Northwest’s top Citrix Engineers, James Pethigal. He would be happy to discuss this vulnerability and mitigation steps with you further. Contact us today.

Update 1/19/2020: https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/

Update 1/24/2020: https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/