Specialists in web application security report the finding of a critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway, previously known as NetScaler ADC and NetScaler Gateway. According to the reports, exploiting this critical flaw would allow threat actors to gain access to the internal networks of the affected companies.

The vulnerability has been tracked as CVE-2019-17781; Citrix states that more details will be revealed once the flaw has been fixed.

NetScaler ADC is a technology solution for monitoring and load balancing, while Unified Gateway provides remote access to internal applications, including desktop apps, intranet and web apps; in other words, it covers any application on any device in any location.

In the report, released last December 17th, web application security specialists state that the vulnerability can be exploited by an unauthenticated threat actor in order to execute arbitrary code…

Worse still, the attackers do not even need to know the details of any compromised account to exploit the flaw. According to an earlier report published by the security firm Positive Technologies, the first vulnerable versions of this software were released in 2014; today, the networks of around 80 thousand companies in more than 150 countries would be exposed to exploitation of this vulnerability.

The main purpose of these software solutions is to provide remote access to internal applications, so arbitrary code execution could allow a threat actor to gain access to the internal networks of the targeted company; this is why web application security specialists consider this a critical vulnerability.

After receiving the report, Citrix published a set of measures to mitigate the risk of exploitation by blocking some of the SSL VPN applications, which indicates the area where the critical flaw lies; this is a secure tunnel over a remote network that uses the SSL protocol. It is important to highlight that this is a temporary solution; the details are available on the company's official platforms. The affected versions of Citrix ADC and Unified Gateway are 10.5, 11.1, 12.0, 21.1 and 13.0.

Web application security specialists at the International Institute of Cyber Security recommend that administrators implement the measures recommended by Citrix as soon as possible. It is also recommended to stay alert for the release of the complete fix, which will be available soon.
