Hackers use System Weakness to Rattle Doors on Citrix Systems

upnorth

Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts.

The flaw, CVE-2019-19781, affects the company’s NetScaler ADC Application Delivery Controller and its Citrix Gateway. The first product is a piece of network equipment that ensures online applications perform well, using load balancing and application monitoring. The second provides remote access to applications on a company’s network or in the cloud. An attacker could use the bug to execute arbitrary code, according to Citrix, which published an advisory on 17 December. Positive Technologies, which wrote a report of the bug on 23 December, warned that 80,000 companies were at risk. NIST gave it a 9.8 (Critical) CVSS 3.0 score.

A bug that lets attackers execute arbitrary code without even needing an account is particularly serious. Positive Technologies explained: “This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources of the company’s internal network from the Citrix server.”
Security researcher Kevin Beaumont tweeted on Tuesday that he had picked up multiple scans on his honeypot network, indicating that people were trying to read sensitive files using directory traversal.
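The post above describes honeypot traffic in which scanners try to read sensitive files through directory traversal. As an added example (not code from the post, from Citrix, or from any of the researchers named), here is a small defender-side log check that flags traversal attempts in web-server access logs. The Citrix-specific request paths are not given on this page, so the check is deliberately generic: it percent-decodes each request target repeatedly (to catch double-encoded sequences) and then looks for a `..` path segment. The log lines and IP addresses below are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format). The IPs and paths are
# made up for this example; they are not indicators from the thread above.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2020:08:15:01 +0000] "GET /vpn/index.html HTTP/1.1" 200 4021',
    '203.0.113.9 - - [10/Jan/2020:08:15:04 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 403 0',
    '203.0.113.9 - - [10/Jan/2020:08:15:06 +0000] "GET /static/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0',
    '203.0.113.12 - - [10/Jan/2020:08:15:09 +0000] "GET /img/%252e%252e/%252e%252e/config.xml HTTP/1.1" 404 0',
    '203.0.113.5 - - [10/Jan/2020:08:15:10 +0000] "GET /files/..%5c..%5cwin.ini HTTP/1.1" 404 0',
]

# Parse client IP, timestamp, method, request target and status from a CLF line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." segment bounded by "/" or "\" (or start/end of path). "..foo" is not a hit.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def normalize_target(target, max_rounds=3):
    """Drop the query string and percent-decode until the value stops changing.

    Repeating the decode is what catches double-encoded sequences such as
    %252e%252e, which a single unquote() would leave as %2e%2e.
    """
    path = target.split('?', 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path):
    """True when the decoded path contains a parent-directory segment."""
    return bool(TRAVERSAL_RE.search(path))


def scan_log(lines):
    """Return one finding per log line whose request target is a traversal attempt."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in CLF shape
        decoded = normalize_target(m['target'])
        if is_traversal(decoded):
            findings.append({
                'ip': m['ip'],
                'timestamp': m['ts'],
                'raw': m['target'],
                'decoded': decoded,
                'status': int(m['status']),
            })
    return findings


def by_source(findings):
    """Count traversal attempts per client IP, useful for triage and blocking decisions."""
    return Counter(f['ip'] for f in findings)


if __name__ == '__main__':
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ip']} {h['status']} {h['raw']} -> {h['decoded']}")
    print(dict(by_source(hits)))
```

Run it against a gateway's real access log by replacing `SAMPLE_LOG` with the file's lines. The status column is worth keeping in the output: a 200 on a traversal request is far more urgent than a 403 or 404, because it suggests the read may have succeeded rather than merely been attempted.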
 

upnorth

First, the good news:

Hackers are exploiting the Shitrix flaw to access the vulnerable servers, clean up known malware infections (such as cryptocurrency mining code) on your behalf, and apply Citrix’s recommended mitigation steps to block future attempts to exploit the vulnerability.
Here’s the bad news:

As researchers at FireEye describe, the mitigation code executed by the hacking group to protect the Citrix servers from further exploitation contains a secret backdoor. In short, the hackers have locked other hackers out of the vulnerable servers – but not themselves.
 

silversurfer

Today, we released the permanent fix for #CitrixADC version 10.5 to address the #CVE201919781 vulnerability. We have now released permanent fixes for all supported versions of ADC, Gateway, and SD-WAN WANOP. These fixes are available to download now. Citrix releases final fixes for CVE-2019-19781 | Citrix Blogs
— Citrix (@citrix) January 24, 2020
 
