Citrix is advising customers that cyber attackers are performing scans to find organisations vulnerable to a security flaw in the Citrix Application Delivery Controller (ADC) and Gateway products. It is important that customers are aware that a working exploit to this threat has been published on the internet and to take immediate action.
If exploited, the vulnerability permits threat actors to conduct Remote Code Execution (RCE) attacks. This means it could give an attacker direct access to the local networks behind the gateways without the need for an account or authentication. This could result in attacks via Malware, Ransomware, a denial of service or facilitate the theft of information.
According to iTNews more than 3500 Australian companies may be vulnerable and more than 80,000 companies in 158 countries could also be at risk.
Citrix has worked quickly in releasing mitigation steps and is urging administrators to immediately apply it to their configurations. A full patch is not yet available.
According to a Citrixsecurity advisory, these products are affected:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
What should you do:
Citrix is advising customers to immediately apply the mitigation and then upgrade all their vulnerable applications to a fixed version of firmware when released towards the end of the month.
All the information you need is on the Citrix Support website so if you think you are impacted you should take action immediately.