Skip to main content

Hackers are scanning for vulnerable Citrix servers

(Image credit: Image Credit: Sergey Nivens / Shutterstock)

Hackers are scanning Citrix Application Delivery Controller and Citrix Gateway servers, looking for ones that could potentially be vulnerable to the CVE-2019-19781 flaw, multiple security researchers have confirmed.

Last month, Positive Technologies unveiled that some 80,000 companies could be at risk, not having patched the vulnerability just yet. Back then, Positive Technologies claimed the US, UK, Germany, the Netherlands and Australia are most at risk.

"Depending on specific configuration, Citrix applications can be used for connecting to workstations and critical business systems (including ERP)," Positive Technologies added. "In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked."

Hackers that manage to successfully exploit the flaw get to execute arbitrary code, it was confirmed. However, security researcher Kevin Beaumont said that no exploitation was yet seen and no information on an exploit is available to the public just yet. This information was also confirmed by Johannes B. Ullrich, dean of the SANS Technology Institute.

That doesn’t mean there aren’t any, though.

Citrix says that CVE-2019-19781 affects these product versions and platforms:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

No firmware patch is available yet, but Citrix did publish mitigation measures for standalone systems and clusters.