Citrix ADC and Gateway servers must be shut down
20th January 2020, 07:56   #1
Stefan Mileschin ([M] Reviewer)

Until patch comes out

The Dutch National Cyber Security Centre (NCSC) has taken the unusual step of warning organisations running Citrix ADC and Gateway servers to shut down their machines until Citrix releases a fully working patch for the CVE-2019-19781 vulnerability.

"If the impact of switching off the Citrix ADC and Gateway servers is not acceptable, the advice is to closely monitor for possible abuse", according to the NCSC advisory on its website.
"As a last risk-limiting measure you can still look at whitelisting of specific IP addresses or IP blocks", it added.

The advisory from the Dutch NCSC comes following Citrix's admission that its mitigation measures for CVE-2019-19781 are unable to provide security against exploits on some installations running older firmware.

The company revealed that Citrix ADC Release 12.1 builds before 51.16/51.19 and 50.31 are vulnerable as the bug "affects responder and rewrite policies bound to VPN virtual servers causing them not to process the packets that matched policy rules".

Citrix recommends customers update their product to an unaffected build and then apply the mitigation steps. It said that after a detailed analysis of the security vulnerability, it found that it impacts the WAN Optimisation (WANOP) edition of the Citrix SD-WAN appliance (models 4000, 4100, 5000, and 5100, all supported builds).

CVE-2019-19781, which has a severity score of 9.8 out of 10, was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies.

The issue impacts Citrix Application Delivery Controller (earlier known as NetScaler ADC) and Citrix Gateway (formerly NetScaler Gateway) and could allow attackers to execute arbitrary code on vulnerable machines via directory traversal, without requiring authentication.

https://fudzilla.com/news/50141-citr...t-be-shut-down