Citrix releases final patches for critical CVE-2019-19781 security flaw

clock • 2 min read

Patch ASAP, urges Citrix - then scan your network for any indicator of compromise

Citrix has finally released the last permanent fixes for the CVE-2019-19781 security flaw for version 10.5 of the Citrix Application Delivery Controller (ADC). The company now claims to have released permanent fixes for all supported versions of ADC, Gateway and SD-WAN WANOP.

Citrix has urged organisations to "patch immediately" - presumably, over the weekend. The flaw enables remote, unauthenticated attackers to perform arbitrary code execution, with exploits already having been detected in the wild. 

Indeed, German automotive parts maker Gedia was taken down with ransomware over the past week, with security researchers warning that the attackers cracked the company's network via vulnerable Citrix devices.

And there is evidence of sophisticated threat actors switching their attention from Pulse Secure VPNs, which was purportedly the entry point for the Travelex ransomware attackers, to Citrix appliances exploiting CVE-2019-19781.

The vulnerability affects the following Citrix appliances, according to the US-CERT advisory:

  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 - all supported builds;
  • Citrix ADC and NetScaler Gateway version 11.1 - all supported builds before 11.1.63.15;
  • Citrix ADC and NetScaler Gateway version 12.0 - all supported builds before 12.0.63.13;
  • Citrix ADC and NetScaler Gateway version 12.1 - all supported builds before 12.1.55.18;
  • Citrix ADC and Citrix Gateway version 13.0 - all supported builds before 13.0.47.24;
  • Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO - all supported software release builds before 10.2.6b and 11.0.3b. (Citrix SD-WAN WANOP is vulnerable because it packages Citrix ADC as a load balancer).

But the weekend's work won't be completed after the patches have been installed and systems restarted.

Users have been advised to scan their networks for evidence of compromise after patching to ensure that their networks have not been cracked, with attackers leaving behind the tools to enable them to exploit their systems later. Citrix and FireEye have released a free Indicator of Compromise tool to help users.

Related Topics

You may also like
Hackers used compromised Citrix credentials to attack healthcare provider

Hacking

Hackers used compromised Citrix credentials to attack healthcare provider

Data belonging to a 'substantial proportion' of Americans may have been stolen

clock 01 May 2024 • 3 min read
LockBit releases Boeing's stolen files

Security

LockBit releases Boeing's stolen files

Leaked files apparently include financial info

clock 13 November 2023 • 2 min read
China's largest commercial bank hit by ransomware

Threats and Risks

China's largest commercial bank hit by ransomware

ICBC confirms an attack that halted some trades

clock 10 November 2023 • 2 min read
Author spotlight

Graeme Burton

View profile
More from Graeme Burton

Peter Cochrane: Coronavirus as a change agent

Microsoft to migrate Office 365 Personal and Home users to Microsoft 365

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Security

Vanta: Cybersecurity spend should be 30% of the IT budget
Security

Vanta: Cybersecurity spend should be 30% of the IT budget

Currently it's 9% in the UK

John Leonard
clock 03 May 2024 • 4 min read
Security Excellence Awards – winners revealed!
Security

Security Excellence Awards – winners revealed!

The technologies, projects, partners and people leading the way in cybersecurity

Computing Staff
clock 03 May 2024 • 2 min read
Next's CISO: Learn from attackers to boost cyber defences
Security

Next's CISO: Learn from attackers to boost cyber defences

Collaboration, knowledge sharing, agility – there’s a lot that cyber criminals do right

Tom Allen
Tom Allen
clock 02 May 2024 • 4 min read