Skip to main content

Citrix Applications Need Patch To Address Vulnerability

By January 9, 2020May 9th, 2022Cybersecurity

Researchers at Positive Technologies recently discovered a serious vulnerability in Citrix Enterprise products that threatens the security of more than 80,000 companies in 158 countries around the world.

The issue is being tracked as CVE-2019-19781. If it is left unpatched, it puts companies using either product at risk of phishing attacks, malware, cryptojacking attacks ,and DDoS attacks. That is to name just a few.

According to the researchers, the vulnerability impacts all of the company’s enterprise products, including:

  • Citrix ADC and Citrix Gateway 13.0
  • Citrix ADC and NetScaler Gateway 12.1
  • Citrix ADC and Netscaler Gateway 12.0
  • Citrix ADC and Netscaler Gateway 11.1
  • Citrix NetScaler ADC and NetScaler Gateway 10.5

Positive Technologies reported the issue to Citrix earlier in December 2019). The company responded quickly and has already issued a patch. The company urges all users of the software mentioned above to apply the patch immediately, because the issue “could allow an unauthenticated attacker to perform arbitrary code execution.”

Citrix also recommends making configuration changes in the stand-alone system and running commands from the command line interface. That is, according to a recent blog post on the company’s website.

Unfortunately, this vulnerability has been lurking in the shadows since at least 2014, which means that hackers have had plenty of time to exploit the vulnerability. If you’re unable to patch your software in the near future, it’s important to look for any existing exploitations that may already be compromising your system.

This is a serious, globe-spanning threat. Patching it to keep away from danger should be given highest priority. Kudos to Citrix for their rapid response, but given how long this vulnerability has been waiting to be discovered, the fear that there may be others is there. Stay vigilant and apply the patch as soon as you’re able.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.