First patches for the Citrix ADC, Gateway RCE flaw released - Help Net Security

First patches for the Citrix ADC, Gateway RCE flaw released - Help Net Security

As attackers continue to hit vulnerable Citrix (formerly Netscaler) ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to provide them for other versions and for two older versions of SD-WAN WANOP by January 24.



A short timeline before the situation update


CVE-2019-19781, a critical vulnerability affecting Citrix ADC and Gateway that may allow unauthenticated attackers to achieve remote code execution and obtain direct access to an organization’s local network from the internet, was responsibly disclosed last December.


At the time, Citrix only offered mitigations advice instead of fixes, but both security researchers and hackers eventually used them to discern the nature of the flaw and create exploits for it.


The number of publicly available exploits quickly rose in the coming days and th ..

Support the originator by clicking the read the rest link below.