A recently discovered vulnerability in the Citrix Gateway (NetScaler Gateway), and the Citrix Application Delivery Controller (NetScaler ADC) could expose 80,000 companies to hacks.
UPDATE: According to the latest information, working exploits for CVE-2019-19781 exist which allow attackers to easily perform arbitrary code execution without needing account credentials.
What the Citrix Vulnerability (CVE-2019-19781) Means for Companies around the World
A researcher recently discovered a critical flaw in the Citrix Application Delivery Controller (NetScaler ADC), and the Citrix Gateway (NetScaler Gateway). These vulnerabilities put tens of thousands of businesses at risk of being remotely hacked.
The Citrix ADC Gateway flaw, CVE-2019-19781, was unearthed in December 2019. Because of the end-of-year festivities, it never received the attention it deserved. The vulnerable products are the Citrix Application Delivery Controller, previously known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway. According to Citrix, the vulnerability affects the following:
- Citrix NetScaler ADC and NetScaler Gateway version 10.5, all supported builds
- Citrix ADC and NetScaler Gateway versions 11.1, 12.0 and 12.1, all supported builds
- Citrix ADC and Citrix Gateway version 13.0, all supported builds
The researcher who discovered the CVE-2019-19781 vulnerability is Mikhail Klyuchnikov of Positive Technologies. The critical flaw makes it possible for hackers to break into a company's local network from the Internet. It puts many resources at risk, including the company's internal network and its published applications. Since the flaw was revealed, Citrix has published mitigation advice for users.
Citrix has not yet provided an actual fix for the problem; in the meantime, the thousands of companies using the Citrix software are advised to upgrade all vulnerable systems. Several effective options exist for blocking dangerous requests before they reach the security loophole, such as application firewalls. It is estimated that the first vulnerability was released in 2014, compromising infrastructure in the process.
Affected organizations are susceptible to criminals gaining access to their restricted networks by impersonating registered and authorized users. For this reason, experts advise organizations running NetScaler/ADC systems to implement the mitigation procedures post-haste. If hackers successfully exploit the vulnerability, it can lead to what is known as arbitrary code execution.
80,000+ Companies in 158 Countries at Risk After the Discovery of CVE-2019-19781
As soon as the security flaw was brought to the public's attention, it was found that some 80,000 companies across 158 countries, predominantly in North America, were running vulnerable installations. The at-risk companies are mostly located in the Netherlands, Australia, the United Kingdom, Germany, and the United States.
Further analysis found that less than a third of the 58,000+ exposed appliances had the mitigation enabled. That means that 39,378 of the IP addresses scanned were purportedly vulnerable, with many high-value targets in healthcare, finance, and government at risk. As far as security implementation rules go, perimeter security is sacrosanct. The vendor is responsible for supplying a security patch for each flaw in a timely fashion. Enterprise IT personnel must then implement these patches, oftentimes over a period of days or weeks.
Companies with Citrix gateways on their perimeter are required to conduct routine maintenance, testing, and updates of the software. Still, in the recently discovered case, none of the updates were current. To help mitigate the effects of software flaws like this one, companies are better served by adopting a cloud-based solution.
Such solutions are the most responsible way to keep software updated, because the vendor, rather than the company's IT team, applies the updates. This eliminates most of the errors IT teams are prone to and reduces the window of exposure. The cloud-based alternative avoids long patching delays and further destabilization of the company's security infrastructure.
SaaS for Cloud-Based Security Configurations
The software-as-a-service (SaaS) option confers many additional benefits over arrangements that require individual IT departments to get involved in patching and repairs. Enterprise VPN software in the cloud is also an option, as part of a new set of products known as cloud-delivered SDP (Software Defined Perimeter) with zero-trust network access. By making the virtual perimeter, rather than the physical office, the de facto boundary, the cloud-based system protects the user's device wherever it goes.
The benefit of adopting a cloud-based software defined perimeter is that the enterprise network itself is no longer exposed to hackers. Users also get customized access to specific applications rather than to the entire network. This bolsters the overall security of the system, particularly where contractors and consultants are involved.
By limiting access to the areas necessary for task completion, companies can maintain a vice-like grip on their security policies. With zero-trust network security, enterprise networks can be protected against hacking. A software defined perimeter is people-centric, as it safeguards data and users both on and off the premises. The cloud-based solution provides immediate protection with no windows left open to hackers.