These reports give you insight into the kinds of vulnerabilities we find in general and how to fix them. Findings on specific organisations are only published after vulnerabilities are fixed and in negotiation with the stakeholders involved. We are not journalists, we only try to make the internet safer.

Wide spread vulnerability in Citrix Gateway and Citrix Application Delivery Controller

13 January 2020, by Frank Breedijk

The problem
On December 17th Citrix published a vulnerability in Citrix Application Delivery Controller (ADC) products. These products are also known as NetScaler ADC, Citrix Gateway en Netscaler Gateway. Exploitation of the vulnerability allows an attack to execute arbirary command’s on these servers. Early January it became clear that attackers were actively probing for vulnerable servers. On the 11th of January various sources, e.g. Project Zero Day India and Trusted Sec published exploitation code that demonstrated that exploiting the vulnerabiulity is trivial.

What to do?
Citrix has announced that patches will be vailable soon (from January 20th onwards). We advise you to install these patches a.s.a.p. Until that time the vulnerability can be mitigated via the configuration. We advise you to apply this mitigation now! Please note that a valid license is required to implement this mitigation. Please take note that it is poissible that devices that did not have patches or mitigations applied may already have been taken over by an attacker.

What we are doing.
As of this morning around 11:00 we were aware of 546 publicly accessible vulnerable devices in The Netherlands. We are currently actively informing the network owners of the networks containing vulnerable devices.