Cybersecurity Threat Advisory 001-20: Vulnerability in Two Citrix Devices

Advisory Overview

A vulnerability has been discovered in two Citrix devices: Citrix Application Delivery Controller (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway). The vulnerability can allow hackers to gain unauthorized access to a company’s local network. Citrix has provided mitigation steps and will be providing upgraded firmware via its support center.

 

Technical detail and additional information

What is the threat?

A flaw found in Citrix ADC and Gateway can allow attackers to directly access a target company’s local network without needing access to any accounts. Citrix products are generally used for connecting to workstations and critical devices such as servers via remote access. This access can allow attackers to manipulate other resources on a company’s internal network via the Citrix server.

Why is this noteworthy?

Citrix products are widely used in corporate networks for traffic management and to ensure secure remote access. This vulnerability is noteworthy because the exploit does not require prior access to any accounts, which allows external threat actors to perform it. Since Citrix is so widespread in the corporate community, attackers have many opportunities to try to exploit the vulnerability successfully.

What is the exposure or risk?

Exploitation of the Citrix vulnerability can give attackers direct access to a company’s local network, allowing them to view sensitive information such as the company’s credentials. In addition, exploitation gives attackers the ability to perform attacks such as phishing, denial of service, and deploying cryptocurrency miners on devices on the LAN.

What are the recommendations?

To mitigate this threat, Citrix has provided documentation that users can follow to ensure the proper measures are taken for each device.

Along with the Citrix support article listed below, users are urged to upgrade all their appliances to a fixed version of the firmware. These two recommendations are temporary patches while Citrix develops a further update that will be released later.

Citrix Support Article: https://support.citrix.com/article/CTX267679

References:

For more in-depth information about the recommendations, please visit the following links:

  • https://support.citrix.com/article/CTX267679
  • https://www.infosecurity-magazine.com/news/citrix-vulnerability-puts-80k/