Citrix Netscaler exploits and scans hit the internet

By on
Citrix Netscaler exploits and scans hit the internet

Patches still days away.

Organisations with Citrix Application Delivery Controller (Netscaler) installations are under renewed pressure to mitigate against a critical vulnerability after exploits for it were published, with patches still not available.

Citrix issued a critical advisory on December 17 United States time for the vulnerability, which is a flaw that allows directory traversal and calling of poorly written scripts.

About 3500 Australian users are thought to be susceptible.

Over the weekend, security vendor TrustedSec published a working exploit and a scanner for the flaw, which has been given the Common Vulnerabilties and Exposures index of CVE-2019-19781.

The flaw is also now nicknamed 'Citrixmash'.

TrustedSec researchers Rob Simon and Dave Kennedy published the Python scripts for the exploit and scanner on Github.

"This was only uploaded due to other researchers publishing their code first," they said.

"We would have hoped to have had this hidden for awhile longer while defenders had appropriate time to patch their systems.

"We are all for responsible disclosure. In this case - the cat was already out of the bag."

Attackers can use the Citrixmash bug to remotely run any code of their choosing, with no authentication required.

Multiple versions of Citrix ADC and Netscaler Gateway are affected by the bug, and there's no patch for the flaw as of yet.

A workaround involves manually executing commands to prevent directory traversal and restricting folder access to scripts that can be called for remote code execution was published by Citrix to mitigate against the vulnerability.

The commands are:

add responder policy ctx267027 "HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/vpns/\") && (!CLIENT.SSLVPN.IS_SSLVPN || HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/../\"))" respondwith403

Citrix expects to deliver patches for the ADC and Gateway versions 11.1 and 12.0 by January 20 US time, with versions 12.1 and 13 coming on January 27 and 10.5 on January 31.

TrustedSec said it is aware of large scans taking place across the globe to map vulnerable Citrix servers with other security researchers making the same observation

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
citrix citrixmash cve201919781 netscaler security trusted security

Sponsored Whitepapers

The 5 steps to effective data protection
The 5 steps to effective data protection
Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant

Most Read Articles

Infosys gets another $71m for Centrelink calculation engine work

Infosys gets another $71m for Centrelink calculation engine work
Signal encrypted messaging app founder calls it quits

Signal encrypted messaging app founder calls it quits
NBN Co asks ACCC to closely police any functional separation of TPG Telecom

NBN Co asks ACCC to closely police any functional separation of TPG Telecom
Victoria Police's digital chief departs

Victoria Police's digital chief departs

Digital Nation

Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
Highlights 2021: Automation drives marketing success but complexity torments delivery
Highlights 2021: Automation drives marketing success but complexity torments delivery

Log In

Email:
Password:
  |  Forgot your password?