Citrix has launched patches to tackle a vulnerability in the ADC tool. The vulnerability, referred to as CVE-2019-19781, affects Citrix Software Supply Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP.
“The scope of this vulnerability includes Citrix ADC and Citrix Gateway Digital Home Equipment (VPX) hosted on any Citrix Hypervisor, ESX, Hyper-V, KVM, Azure, AWS, GCP or a Citrix ADC Provider Equipment Supply (SDX) “says the Company.
The vulnerability can also be used to release the execution of arbitrary attack code without testing process identity .
At the time of its unveiling, the protection flaw had not released a patch while about 80,000 organizations in 159 countries were at risk, said Mikhail Klyuchnikov, who first reported the problem.
Citrix also released some tips until the patch was released.
Citrix ADC and Citrix Gateway model 13.zero, Citrix ADC and NetScaler Gateway model 12.1, Citrix ADC and NetScaler Gateway model 12.zero, Citrix ADC and NetScaler Gateway model 11.1 and Citrix NetScaler ADC and NetScaler Gateway 10.five, and all supported builds are affected, along with SD-WAN WANOP 10.2.6 and 11.zero.three product variants.
It is worth noting that once GitHub released its exploit code, the attacks became a trivial affair.
According to FireEye, a hacker working on a Tor infrastructure has developed an additional payload for the growing attacks referred to as NotRobin.
This prompted Citrix to release a timetable of expected fixes, with patches for versions 13 and 12.1 on January 27, January 31 for 10.5and January 20 for versions 12 and 11.1.
Corrections for ADC versions 12 and 11.1 were released today. The safety advisory states that users should immediately “patch” patches, noting that if some ADC variants are used, IT admins should check for fixes launched for various builds .
“These fixes are observed in addition to Citrix ADC and Citrix Gateway Digital Home Equipment (VPX) hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or Citrix ADC Provider Equipment Supply (SDX) . SVM on SDX doesn’t need to be up to date, ”Citrix said. “It is important to update all versions of Citrix ADC and Citrix Gateway 11.1 (MPX or VPX) to create 18.104.22.168 to configure protection vulnerabilities. As well as the cases of Citrix ADC and Citrix Gateway 12.zero (MPX or VPX) to run version 22.214.171.124 to apply protection vulnerability fixes . ”
In addition, Citrix has reduced the waiting time for worm repair to several versions. Citrix ADC additions for the 12.1, 13 and 10.five models are now expected on January 24 and a Citrix SD-WAN WANOP patch could also be released on the same day.
Citrix has provided another verification tool for IT admins to check that the corrections were made correctly.