Hackers can use Citrix Application Delivery Controller (NetScaler ADC) and Gateway (NetScaler Gateway) Vulnerability (CVE-2019-19781) sneaked into the company's Internet. The vulnerability was discovered by Mikhail Klyuchnikov Positive Technologies of. It is estimated that there are 158 countries in 80 000 companies at risk, most of them in the United States (38%), followed by Britain, Germany, the Netherlands and Australia.
"If exploit the vulnerability, an attacker can. Direct access to this kind of attack from the Internet company's local network does not require access to any account, it can be performed by any external attacker." Positive Technologies wrote.
The vulnerability affects all versions of the product and the product supports all platforms, including Citrix ADC and Citrix Gateway 13.0,12.1,12.0,11.1 and 10.5. Experts pointed out that because hackers can not exploit this vulnerability to steal account, so hackers can get all server products and Intranet resources in the case of unauthorized.
Citrix for connecting workstations and business-critical systems. Since the Intranet can use Citrix, so hackers may attack Intranet resources from the server through the loopholes. Citrix has released a patch, they recommended that users update all vulnerable software versions. Positive Technologies noted that the vulnerability was introduced in 2014, Citrix software.
Source: SecurityAffairs