Blog

Citrix Applications Need Patch To Address Vulnerability

Jan 9, 2020 | Blog

Researchers at Positive Technologies recently discovered a serious vulnerability in Citrix Enterprise products that threatens the security of more than 80,000 companies in 158 countries around the world.

The issue is being tracked as CVE-2019-19781. If it is left unpatched, it puts companies using either product at risk of phishing attacks, malware, cryptojacking attacks ,and DDoS attacks. That is to name just a few.

According to the researchers, the vulnerability impacts all of the company’s enterprise products, including:

  • Citrix ADC and Citrix Gateway 13.0
  • Citrix ADC and NetScaler Gateway 12.1
  • Citrix ADC and Netscaler Gateway 12.0
  • Citrix ADC and Netscaler Gateway 11.1
  • Citrix NetScaler ADC and NetScaler Gateway 10.5

Positive Technologies reported the issue to Citrix earlier in December 2019). The company responded quickly and has already issued a patch. The company urges all users of the software mentioned above to apply the patch immediately, because the issue “could allow an unauthenticated attacker to perform arbitrary code execution.”

Citrix also recommends making configuration changes in the stand-alone system and running commands from the command line interface. That is, according to a recent blog post on the company’s website.

Unfortunately, this vulnerability has been lurking in the shadows since at least 2014, which means that hackers have had plenty of time to exploit the vulnerability. If you’re unable to patch your software in the near future, it’s important to look for any existing exploitations that may already be compromising your system.

This is a serious, globe-spanning threat. Patching it to keep away from danger should be given highest priority. Kudos to Citrix for their rapid response, but given how long this vulnerability has been waiting to be discovered, the fear that there may be others is there. Stay vigilant and apply the patch as soon as you’re able.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech