
Citrix: These are new patches for your vulnerable servers



Enterprise tech company Citrix has rolled out a new round of fixes for a vulnerability that’s already being exploited to install malware on Citrix servers and which has even sparked a turf war among cybercriminals over compromised machines. 


The new fixes address CVE-2019-19781, which has been in the spotlight over the past week after proof-of-concept (PoC) exploit code was released, and hackers started using variants of it to install crypto-miners on enterprise kit. 

The bug affects Citrix Application Delivery Controller (ADC) – formerly known as NetScaler ADC – and Citrix Gateway, formerly known as NetScaler Gateway, as well as Citrix SD-WAN WANOP. 


The first set of updates was released earlier this week for some versions of ADC and NetScaler, and Citrix CISO Fermin Serna today announced the release of fixes for SD-WAN WANOP, which are available on Citrix’s support site.

Serna notes that customers must upgrade all Citrix SD-WAN WANOP versions to build 10.2.6b or 11.0.3b. The fixes are applicable to SD-WAN 4000-WO, 5000-WO, 4100-WO, and 5100-WO platforms. The SD-WAN PE and SD-WAN SE platforms are not affected by this bug. 

While customers can use Citrix’s mitigations to minimize risk, Serna said the company “strongly encourages” admins to apply the permanent fixes as soon as possible.

The bug has become a top target for a few reasons. Citrix disclosed the flaw before Christmas but advised customers it wouldn’t have patches until late January. In the meantime, the PoC exploit code was released for what is considered a simple vulnerability to exploit. 

Earlier this week ZDNet reported that security firm FireEye had identified a hacker who was removing malware from already infected Citrix servers as part of a ploy to gain exclusive control over compromised machines and then install a backdoor. 

FireEye has detected repeated attacks on organizations in the travel, legal, financial, and education sectors.

The Dutch national cybersecurity agency (NCSC) has even advised companies and government agencies that run Citrix ADC or NetScaler Gateway servers to turn off systems until an official patch is ready due to “uncertainty about the effectiveness of the mitigation measures”. 

Citrix insists the mitigations do work but has also advised customers to apply its patches immediately after they become available. 


FireEye today released a scanner that it developed with Citrix for customers to search their networks for indicators of compromise. The free tool is available from the Citrix and FireEye GitHub repositories. 

Citrix’s next set of patches is scheduled for release tomorrow to address the flaw in Citrix ADC and Citrix Gateway versions 12.1, 10.5, and 13.0.


The FireEye Citrix scanner uses web server access logs to identify scanning activity targeting a specific appliance.


Image: FireEye/Citrix


