Citrix Netscaler exploits and scans hit the internet

By on
Citrix Netscaler exploits and scans hit the internet

Patches still days away.

Organisations with Citrix Application Delivery Controller (Netscaler) installations are under renewed pressure to mitigate against a critical vulnerability after exploits for it were published, with patches still not available.

Citrix issued a critical advisory on December 17 United States time for the vulnerability, which is a flaw that allows directory traversal and calling of poorly written scripts.

About 3500 Australian users are thought to be susceptible.

Over the weekend, security vendor TrustedSec published a working exploit and a scanner for the flaw, which has been given the Common Vulnerabilties and Exposures index of CVE-2019-19781.

The flaw is also now nicknamed 'Citrixmash'.

TrustedSec researchers Rob Simon and Dave Kennedy published the Python scripts for the exploit and scanner on Github.

"This was only uploaded due to other researchers publishing their code first," they said.

"We would have hoped to have had this hidden for awhile longer while defenders had appropriate time to patch their systems.

"We are all for responsible disclosure. In this case - the cat was already out of the bag."

Attackers can use the Citrixmash bug to remotely run any code of their choosing, with no authentication required.

Multiple versions of Citrix ADC and Netscaler Gateway are affected by the bug, and there's no patch for the flaw as of yet.

A workaround involves manually executing commands to prevent directory traversal and restricting folder access to scripts that can be called for remote code execution was published by Citrix to mitigate against the vulnerability.

The commands are:

add responder policy ctx267027 "HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/vpns/\") && (!CLIENT.SSLVPN.IS_SSLVPN || HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/../\"))" respondwith403

Citrix expects to deliver patches for the ADC and Gateway versions 11.1 and 12.0 by January 20 US time, with versions 12.1 and 13 coming on January 27 and 10.5 on January 31.

TrustedSec said it is aware of large scans taking place across the globe to map vulnerable Citrix servers with other security researchers making the same observation

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
citrix citrixmash cve201919781 netscaler security trusted security
In Partnership With

Most Read Articles

The CIO moves that made headlines in 2019

The CIO moves that made headlines in 2019
Google adds IBM Power to its cloud

Google adds IBM Power to its cloud
NBN Co reveals active Sky Muster users within 25km of city centres

NBN Co reveals active Sky Muster users within 25km of city centres
Defence, Tax Office fork out millions to keep Windows 7 secure for another year

Defence, Tax Office fork out millions to keep Windows 7 secure for another year
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here
Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?

Events

Log In

Username / Email:
Password:
  |  Forgot your password?