Unpatched Citrix Vulnerability Exploited, Patch Weeks Away

On December 16, 2019, Citrix revealed a vulnerability in the company's Application Delivery Controller and Gateway products, commercial virtual-private-network gateways formerly marketed as 'NetScaler' and used by tens of thousands of companies.

The flaw, discovered by Mikhail Klyuchnikov of Positive Technologies, could give an attacker on the Internet direct access to the local networks behind the gateways by way of a crafted Web request, with no account and no authentication required.

Citrix has published mitigation steps to reduce the risk of exploitation.

But these steps, which simply configure a responder policy that matches the request text used to target the flaw and blocks it, break under some circumstances and might interfere with access to the gateways' administration portal by legitimate users.

A permanent patch will not be released until January 20, and as of January 12 over 25,000 servers remained vulnerable, based on scans by Bad Packets.

This is not surprising, considering the number of Pulse Secure VPNs that have still not been patched more than six months after a fix was made available, despite Pulse Secure executives saying that they have "worked aggressively" to get customers to patch that vulnerability.

Given that vulnerable Pulse Secure servers have now been targeted in ransomware attacks, the same will likely be true for unprotected Citrix VPN servers, especially since proof-of-concept exploits for the vulnerability began to appear last week, including at least two published on GitHub, as ZDNet's Catalin Cimpanu reported.

"The vulnerability allows the remote execution of commands in just two HTTP requests, thanks to a directory traversal bug in the implementation of the gateway's Web interface," the report adds.

"The attacks use a request for the directory '/vpn/../vpns/' to fool the Apache Web server on the gateway to point to the '/vpns/' directory without authentication. The attacks then inject a command based on the template returned from the first request."
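The detail that matters for defenders in the passage above is the request path: '/vpn/../vpns/' reaches the '/vpns/' directory by traversing out of '/vpn/'. The script below is an added example, not code from the article, Citrix or ZDNet, that scans web-server access-log lines for that traffic. It contrasts a naive substring match on the raw request, which is roughly what a text-only filter sees, with a check that percent-decodes and normalises the path first, so that encoded variants of the same traversal are caught. The log lines are constructed for the example; the client addresses are documentation-range IPs and the paths below '/vpns/' are illustrative, not paths taken from any exploit.

```python
"""Flag access-log lines whose request path traverses from /vpn/ into /vpns/.

Added example (not from the article, Citrix or ZDNet). It applies the
article's description of the attack traffic, a request for '/vpn/../vpns/',
to NCSA-style log lines and compares a raw substring match against a match
on the decoded, normalised path.
"""
import posixpath
import re
from urllib.parse import unquote

# Constructed sample log lines (not real captures). Documentation-range
# client IPs; the paths below /vpns/ are illustrative placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Jan/2020:10:01:02 +0000] "GET /vpn/../vpns/ HTTP/1.1" 200 1234
203.0.113.7 - - [11/Jan/2020:10:01:03 +0000] "POST /vpn/../vpns/portal/example.pl HTTP/1.1" 200 45
198.51.100.4 - - [11/Jan/2020:10:02:15 +0000] "GET /vpn/index.html HTTP/1.1" 200 5678
198.51.100.9 - - [11/Jan/2020:10:03:44 +0000] "GET /vpn/%2e%2e/vpns/portal/example.pl HTTP/1.1" 200 45
192.0.2.22 - - [11/Jan/2020:10:04:00 +0000] "GET /vpns/portal/ HTTP/1.1" 302 0
192.0.2.23 - - [11/Jan/2020:10:04:05 +0000] "GET /vpn/..%2Fvpns/ HTTP/1.1" 200 1234
"""

# NCSA common log format: client ident user [timestamp] "METHOD path HTTP/x" status
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# The literal request text named in the report.
NAIVE_MARKER = "/vpn/../vpns/"


def naive_hit(path: str) -> bool:
    """Substring match on the raw request path, as a text-only filter would do."""
    return NAIVE_MARKER in path


def decode_path(path: str) -> str:
    """Drop the query string and percent-decode up to twice (double encoding)."""
    path = path.split("?", 1)[0]
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def normalise_path(path: str) -> str:
    """Collapse '.' and '..' segments the way a file-system lookup would."""
    decoded = decode_path(path)
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    return posixpath.normpath(decoded)


def traversal_hit(path: str) -> bool:
    """True when '..' is used to land inside /vpns/ from somewhere else.

    A direct request for /vpns/... carries no traversal and is not flagged here;
    it is the combination of a dot-dot segment and a /vpns/ destination that
    matches the behaviour described in the report.
    """
    normalised = normalise_path(path)
    lands_in_vpns = normalised == "/vpns" or normalised.startswith("/vpns/")
    return lands_in_vpns and "/../" in decode_path(path)


def scan(log_text: str) -> list:
    """One record per parsable log line, carrying both verdicts."""
    records = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not in the expected format; skip rather than guess
        path = match.group("path")
        records.append({
            "client": match.group("client"),
            "method": match.group("method"),
            "path": path,
            "naive": naive_hit(path),
            "traversal": traversal_hit(path),
        })
    return records


def flagged(log_text: str, strict: bool = True) -> list:
    """Records flagged by the normalising check (strict) or the raw one."""
    key = "traversal" if strict else "naive"
    return [r for r in scan(log_text) if r[key]]


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(f'{r["client"]:14} {r["method"]:4} naive={str(r["naive"]):5} '
              f'traversal={str(r["traversal"]):5} {r["path"]}')
```

On the sample input the raw substring match catches only the two lines that spell the path out literally, while the normalising check also catches the '%2e%2e' and '..%2F' forms. That gap is the same one a pattern-matching mitigation has to close, and it is worth keeping in mind when reading a responder rule that matches on request text.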

CISA releases test for Citrix ADC and Gateway vulnerability.