A remote code execution vulnerability, CVE-2019-19781, in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC) and Citrix Gateway (formerly NetScaler Gateway) has been discovered. If exploited, it allows an unauthenticated attacker to execute arbitrary code on the appliance in the context of the service account used to run the affected Citrix services. Citrix has stated that a patch will be made available in the coming weeks. Because no credentials are required and these appliances are typically exposed directly to the internet, this is a critical vulnerability, and the Citrix mitigation should be applied immediately rather than waiting for the patch.
The path traversal vulnerability disclosed by Citrix on 17th December 2019 has since been weaponised into a full remote code execution (RCE) chain, with working exploit code published on the internet. It is therefore likely that malicious actors are already using this code to scan for and exploit vulnerable appliances.
Whether an externally facing Citrix ADC or Gateway endpoint is vulnerable can be verified with a single curl command:
curl --path-as-is https://host/vpn/../vpns/cfg/smb.conf
The --path-as-is flag is required: without it, curl normalises /vpn/../vpns/ to /vpns/ before sending the request and the traversal never reaches the appliance, so a vulnerable host would appear safe. A vulnerable host returns the contents of smb.conf with an HTTP 200 response; a host with the Citrix mitigation applied returns HTTP 403 instead.
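The following script is an added example and is not part of the SureCloud advisory or Citrix's own tooling. It wraps the curl probe above so it can be run against a list of hosts and prints a verdict per host. It assumes curl is installed, that a served smb.conf contains a "[global]" section header (the marker used to tell a real file from a login page), and that an HTTP 403 indicates the Citrix responder-policy mitigation; the hostnames in the usage line are placeholders.

```shell
#!/bin/sh
# Added example, not SureCloud's or Citrix's code: runs the CVE-2019-19781
# traversal probe against each host given on the command line.
# Assumptions: curl is available; "[global]" marks a served smb.conf.

# The traversal path from the advisory. --path-as-is is essential: without it
# curl collapses "/vpn/../vpns/" to "/vpns/" client-side, the appliance never
# sees the traversal, and a vulnerable host would look safe.
PROBE_PATH='/vpn/../vpns/cfg/smb.conf'

# classify_response STATUS BODY
# Prints VULNERABLE, MITIGATED or UNKNOWN. Kept free of network calls so it
# can be exercised on constructed input.
classify_response() {
  status="$1"
  body="$2"
  if [ "$status" = 200 ] && printf '%s' "$body" | grep -q '\[global\]'; then
    echo VULNERABLE   # smb.conf served to an unauthenticated client
  elif [ "$status" = 403 ]; then
    echo MITIGATED    # Citrix responder policy rejects /vpns/ with /../
  else
    echo UNKNOWN      # not an ADC, a different build, or blocked upstream
  fi
}

# check_host HOST
# Sends the probe and prints "HOST VERDICT (status)".
check_host() {
  host="$1"
  tmp=$(mktemp)
  # -k: appliances commonly present self-signed certificates
  # -m 10: do not hang on hosts that silently drop the request
  # -o / -w: body to a file, status code to stdout, so they stay separate
  if status=$(curl -sk -m 10 --path-as-is -o "$tmp" -w '%{http_code}' \
                "https://${host}${PROBE_PATH}"); then
    verdict=$(classify_response "$status" "$(cat "$tmp")")
    echo "$host $verdict ($status)"
  else
    echo "$host UNREACHABLE"
  fi
  rm -f "$tmp"
}

# Usage (placeholder hosts): ./check_ctx.sh gateway.example.com vpn.example.org
for h in "$@"; do
  check_host "$h"
done
```

A 403 is reported as MITIGATED because the Citrix mitigation works by adding a responder policy that answers requests containing /vpns/ together with /../ with a 403; a 404 or a redirect to the login page is reported as UNKNOWN and should be investigated by hand rather than treated as safe.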
Additional resources for performing the check by other methods, such as PowerShell, are available below.
https://www.reddit.com/r/sysadmin/comments/en5y8l/multiple_exploits_for_cve201919781_citrix/
Mitigation consists of the configuration changes described in the Citrix articles below (CTX267679 contains the mitigation steps; CTX267027 is the security advisory itself):
https://support.citrix.com/article/CTX267679
https://support.citrix.com/article/CTX267027
Disclaimer: These links are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or approval from SureCloud Ltd of any of the products, services or opinions of the corporation or organisation or individual. SureCloud Ltd bears no responsibility for the accuracy, legality or content of the external site or for that of subsequent links. Contact the external site for answers to questions regarding its content.
About SureCloud
SureCloud is a provider of Gartner-recognised GRC software and CREST-accredited Cyber Security & Risk Advisory services. Whether buying products or services, your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products, enabling seamless integration of information and taking your risk programmes to the next level.