• Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
  • Events
  • Whitepapers
  • Spotlights
  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • You are currently accessing Computing via your Enterprise account.

      If you already have an account please use the link below to sign in.

      If you have any problems with your access or would like to request an individual access account please contact our customer service team.

      Phone: +44 (0) 1858 438800

      Email: customerservices@incisivemedia.com

      • Sign in
     
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • Events
    • Upcoming events
      event logo
      Microsoft Teams backup: Are you doing enough to protect your Office 365 environment?

      In this webinar we explore the value of using a third-party backup and recovery solution for Microsoft Teams and the services that underpin it – securing your settings, members, team structure, channels and tabs.

      • Date: 24 Feb 2021
      event logo
      Deskflix Financial Services

      oin us for this episode of Deskflix to hear from industry experts and peers on their 2020 best practices, what they’ve learnt for 2021 and how they plan to overcome the next wave of disruption.

      • Date: 03 Mar 2021
      event logo
      Deskflix IT Leader's Summit

      Six months on from our inaugural IT Leaders’ Festival, Deskflix IT Leaders’ Summit is a chance to take stock and reflect on the first quarter of 2021. How did you overcome the obstacles of 2020? Was progression as expected? What were your biggest threats and biggest growth opportunities?

      • Date: 24 Mar 2021
      event logo
      AI & Machine Learning Awards 2021

      The Computing AI & Machine Learning Awards recognise the best companies, individuals, and projects in the AI space today. The awards cover every corner of the industry: security, ethics, data analysis, innovation and more, as well as showcasing the movers and shakers: the technology heroes and projects that deserve industry-wide praise. The winners will be announced in London on 1 July 2020. Entries are now open!

      • Date: 09 Jun 2021
      • TBC, London
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      Darktrace 120x194
      Cyber AI Response: Threat Report 2019

      This white paper details 7 case studies of attacks that were intercepted and neutralised by Darktrace cyber defense AI, including a zero-day trojan in a manufacturing company's network. Learn how Darktrace Antigena AI Response modules fight back autonomously, no matter where a threat may emerge, extending to the Cloud, Email and SaaS.

      Download
      Darktrace 120x194
      Cyber AI & Darktrace Cloud

      This white paper explores how cloud is a security blind spot for many organisations who struggle with the limited visibility and control in this new environment, where their existing security tools are often not applicable.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Spotlights
    • Spotlights

      Welcome to Computing's Spotlight section, where we focus in on particularly important themes and topics of enterprise IT.

      Intel logo

       

      Endpoint Management and Security Hub

  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
Computing
Computing
  • Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • You are currently accessing Computing via your Enterprise account.

    If you already have an account please use the link below to sign in.

    If you have any problems with your access or would like to request an individual access account please contact our customer service team.

    Phone: +44 (0) 1858 438800

    Email: customerservices@incisivemedia.com

    • Sign in
 
  • Security

Citrix releases final patches for critical CVE-2019-19781 security flaw

Patch ASAP, urges Citrix - then scan your network for any indicator of compromise

Enjoy your weekend, Citrix admins!
Enjoy your weekend, Citrix admins!
  • Graeme Burton
  • @graemeburton
  • 25 January 2020
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

Citrix has finally released the last permanent fixes for the CVE-2019-19781 security flaw for version 10.5 of the Citrix Application Delivery Controller (ADC). The company now claims to have released permanent fixes for all supported versions of ADC, Gateway and SD-WAN WANOP.

Citrix has urged organisations to "patch immediately" - presumably, over the weekend. The flaw enables remote, unauthenticated attackers to perform arbitrary code execution, with exploits already having been detected in the wild. 

Citrix has now released the full range of fixes for CVE-2019-19781. Patch immediately and read @CISAgov's updated Alert at https://t.co/VVy6NlOFlp for more information. #Cyber #Cybersecurity #InfoSec

— US-CERT (@USCERT_gov) January 24, 2020

Indeed, German automotive parts maker Gedia was taken down with ransomware over the past week, with security researchers warning that the attackers cracked the company's network via vulnerable Citrix devices.

And there is evidence of sophisticated threat actors switching their attention from Pulse Secure VPNs, which was purportedly the entry point for the Travelex ransomware attackers, to Citrix appliances exploiting CVE-2019-19781.

The vulnerability affects the following Citrix appliances, according to the US-CERT advisory:

  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 - all supported builds;
  • Citrix ADC and NetScaler Gateway version 11.1 - all supported builds before 11.1.63.15;
  • Citrix ADC and NetScaler Gateway version 12.0 - all supported builds before 12.0.63.13;
  • Citrix ADC and NetScaler Gateway version 12.1 - all supported builds before 12.1.55.18;
  • Citrix ADC and Citrix Gateway version 13.0 - all supported builds before 13.0.47.24;
  • Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO - all supported software release builds before 10.2.6b and 11.0.3b. (Citrix SD-WAN WANOP is vulnerable because it packages Citrix ADC as a load balancer).

I examined the files #REvil posted from https://t.co/3wfGoNUqp4 after they refused to pay the #ransomware.

the interesting thing I discovered is that they obviously hacked Gedia via the #Citrix exploit

my bet is that all recent targets were accessed via this exploit.

(1/2) pic.twitter.com/tWeUR7I1zj

— Under the Breach (@underthebreach) January 24, 2020

But the weekend's work won't be completed after the patches have been installed and systems restarted.

Users have been advised to scan their networks for evidence of compromise after patching to ensure that their networks have not been cracked, with attackers leaving behind the tools to enable them to exploit their systems later. Citrix and FireEye have released a free Indicator of Compromise tool to help users.

Further reading

Dutch NCSC: Turn off Citrix ADC and Gateway servers NOW as mitigation measures are not effective
  • Security
  • 17 January 2020
Citrix and FireEye release free scanner to detect breached Citrix appliances
  • Security
  • 23 January 2020
Citrix releases permanent fixes for CVE-2019-19781 security flaw in Citrix ADC 11.1 and 12
  • Security
  • 20 January 2020
Citrix to release 'thoroughly tested' fixes for CVE-2019-19781 security flaw by the end of January
  • Threats and Risks
  • 13 January 2020
Citrix up for sale, claims report
  • Mergers and Acquisitions
  • 14 March 2017
Hackers are searching for Citrix servers vulnerable to remote code execution flaw, security researchers warn
  • Security
  • 09 January 2020
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Security
  • Cloud and Infrastructure
  • Security
  • Citrix
  • CVE-2019-19781
  • NetScaler Gateway
  • Citrix ADC
  • SD-WAN WANOP
  • Application Delivery Controller

More on Security

Use these tips to stay safe online - in the pandemic and beyond
Here's how to stay safe online - in the pandemic and beyond

The coronavirus pandemic threw working lives into disarray, but we cannot afford to sacrifice security for convenience

  • Security
  • 22 February 2021
Thank Zuck it's Friday #3
Thank Zuck it's Friday #3 - Data adequacy, Darktrace and 'spy pixels'

Join the Computing team for episode three of the podcast that gives you the lowdown on the hottest tech news of the week

  • Privacy
  • 19 February 2021
North Korea targets Pfizer in vaccine hack
North Korea targets Pfizer in vaccine hack

South Korean intelligence says the attack was probably meant to raise money for its poorer northern neighbour

  • Security
  • 16 February 2021
Farewell to all that
The FT's Mark Barnes on the art of selling Cloud Only to the business

Barnes used Nudge Theory and EAST to rid the Financial Times of its remaining infrastructure burden

  • Cloud and Infrastructure
  • 12 February 2021
The latest Computing podcast is here!
Computing Podcast Episode 2 - AI in Security, Favicon hacks and Multi Cloud

The Computing team expertly dissects the week's news, including the latest research on the top vendors in AI-enhanced security, how Favicons can be used to track you online, and whether Multi-Cloud is set to take over the world

  • Security
  • 12 February 2021
blog comments powered by Disqus
Back to Top

Most read

Businesses have a 12-month grace period to flub IR35, says HMRC
Businesses have a 12-month grace period to flub IR35, says HMRC
'Silver Sparrow' malware infects about 30,000 Macs worldwide
'Silver Sparrow' malware infects about 30,000 Macs worldwide
'Spy pixels' in emails can track engagement and location
'Spy pixels' in emails can track engagement and location
Darktrace stockmarket flotation backer withdraws over Mike Lynch connection
Darktrace stockmarket flotation backer withdraws over Mike Lynch connection
Google fires AI ethics lead Margaret Mitchell
Google fires AI ethics lead Margaret Mitchell
  • Contact
  • Delta
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

im_logo

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading