Around 80,000 companies using Citrix’s Application Delivery Controller (ADC) are at risk of being hacked because of a bug in the product. The ADC is networking software, and it is affected by a critical vulnerability that can let an unauthorized person gain access to a company’s internal network in less than a minute!
80,000 Companies In Total!
The bug was first discovered by Mikhail Klyuchnikov, a security researcher from Positive Technologies in the UK, who described it as so critical that it can impact thousands of companies with ease. The software’s current users are estimated at around 80,000 companies in 158 countries. Neither Klyuchnikov nor Citrix has detailed the bug itself, but both have described its consequences.
Tracked as CVE-2019-19781, the vulnerability was found in Citrix’s Application Delivery Controller (ADC), which is used for connecting to workstations. A company’s internal network is formed by all of its computers and servers being connected to each other, so unauthorized access to it can let an attacker obtain confidential information.
The company and the discoverer report that the following systems are vulnerable.
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Temporary Defense Until Major Patch
Citrix’s IT team may not be having a good time this holiday weekend; they have to work hard and release a patch for this vulnerability soon. Right after Klyuchnikov reported the flaw, the company acknowledged it and addressed it on its blog.
The company is now notifying all its customers about the bug and recommending that they apply mitigation measures. It has detailed the steps for a temporary defensive measure.
Further, the company has suggested that administrators subscribe to its bulletin board to learn when the patched firmware is released.
Citrix hasn’t given the bug a severity score, but the discoverer, Positive Technologies, believes it deserves 10/10!