Citrix Netscaler exploits and scans hit the internet

By on
Citrix Netscaler exploits and scans hit the internet

Patches still days away.

Organisations with Citrix Application Delivery Controller (Netscaler) installations are under renewed pressure to mitigate against a critical vulnerability after exploits for it were published, with patches still not available.

Citrix issued a critical advisory on December 17 United States time for the vulnerability, which is a flaw that allows directory traversal and calling of poorly written scripts.

About 3500 Australian users are thought to be susceptible.

Over the weekend, security vendor TrustedSec published a working exploit and a scanner for the flaw, which has been given the Common Vulnerabilties and Exposures index of CVE-2019-19781.

The flaw is also now nicknamed 'Citrixmash'.

TrustedSec researchers Rob Simon and Dave Kennedy published the Python scripts for the exploit and scanner on Github.

"This was only uploaded due to other researchers publishing their code first," they said.

"We would have hoped to have had this hidden for awhile longer while defenders had appropriate time to patch their systems.

"We are all for responsible disclosure. In this case - the cat was already out of the bag."

Attackers can use the Citrixmash bug to remotely run any code of their choosing, with no authentication required.

Multiple versions of Citrix ADC and Netscaler Gateway are affected by the bug, and there's no patch for the flaw as of yet.

A workaround involves manually executing commands to prevent directory traversal and restricting folder access to scripts that can be called for remote code execution was published by Citrix to mitigate against the vulnerability.

The commands are:

add responder policy ctx267027 "HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/vpns/\") && (!CLIENT.SSLVPN.IS_SSLVPN || HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/../\"))" respondwith403

Citrix expects to deliver patches for the ADC and Gateway versions 11.1 and 12.0 by January 20 US time, with versions 12.1 and 13 coming on January 27 and 10.5 on January 31.

TrustedSec said it is aware of large scans taking place across the globe to map vulnerable Citrix servers with other security researchers making the same observation

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
citrixcitrixmashcve201919781netscalersecuritytrusted security

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

Most Read Articles

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul
Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs
NBN Co proposes to axe CVC across all plans by mid-2026

NBN Co proposes to axe CVC across all plans by mid-2026
ADHA extends Accenture's My Health Record support deal for $100m

ADHA extends Accenture's My Health Record support deal for $100m

Digital Nation

Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting

Log In

  |  Forgot your password?