{"id":12582,"date":"2020-01-13T18:01:23","date_gmt":"2020-01-13T17:01:23","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12582"},"modified":"2024-10-03T00:46:39","modified_gmt":"2024-10-02T22:46:39","slug":"poc-for-citrix-adc-netscaler-vulnerability-cve-2019-19781","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/01\/13\/poc-for-citrix-adc-netscaler-vulnerability-cve-2019-19781\/","title":{"rendered":"PoC for Citrix ADC\/Netscaler vulnerability CVE-2019-19781"},"content":{"rendered":"

[German<\/a>]There is an unpatched vulnerability CVE-2019-19781 in Citrix ADC (Application Delivery Controller, formerly Netscaler) and proof of concept (PoC) exploits have been available for a few days to exploit the vulnerability – and honeypots are already under attack. I got also reports from intrusion into networks in German companies. Administrators responsible for Citrix ADC need to take action.<\/p>\n

<\/p>\n

Vulnerability CVE-2019-19781 in Citrix ADC<\/h2>\n

\"\"The vulnerability CVE-2019-19781<\/a> Vulnerability in Citrix Application Delivery Controller and Citrix Gateway leading to arbitrary code execution<\/em> exists in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).<\/p>\n

Citrix (NetScaler) ADC is a load balancer and monitoring system. The Unified Gateway enables remote access to internal applications. This can include desktop applications as well as intranet or web applications.<\/p><\/blockquote>\n

The vulnerability, classified as critical, could allow a local, unprivileged attacker to execute unwanted code. Mikhail Klyuchnikov, security expert at Positive Technologies, discovered<\/a> this critical vulnerability.<\/p>\n

Widely used<\/h2>\n

The Citrix ADC\/NetScaler is (according to a feedback from a specialist to me over the weekend) in use with at least 80,000 enterprise\/government customers. All companies that rely on Citrix XenApp\/XenDesktop to virtualize their applications usually also have a NetScaler in use.<\/p>\n

On December 24, 2019, I reported on the problem for which there is no patch available from Citrix so far in the article Vulnerability in Citrix Apps put companies at risk<\/a>. The support CTX267679 \u2013 Mitigation steps for CVE-2019-19781<\/a> explains how administrators can make the exploitability of the vulnerability more difficult in advance. explains how administrators can make the exploitability of the vulnerability more difficult in advance.<\/p>\n

PoC and attacks<\/h2>\n

I had already noticed it on Friday or the weekend, Citrix ADC administrators might get some grey hair now. Last Saturday, Catalin Cimpanu already pointed out that two proof of concept code examples for the now called Shitrix vulnerability are publicly available.<\/p>\n

\n

Proof-of-concept code published for Citrix bug as attacks intensify<\/p>\n

* Not one, but two PoCs have been published for CVE-2019-19781 (also known as Shitrix now)<\/p>\n

* PoC 1: https:\/\/t.co\/gdIbWAAc49<\/a>
\n* PoC 2: https:\/\/t.co\/tUiDcwpQ37<\/a>https:\/\/t.co\/5yFjnNrf65<\/a> pic.twitter.com\/zzJcaeE8wE<\/a><\/p>\n

\u2014 Catalin Cimpanu (@campuscodi) January 11, 2020<\/a><\/p><\/blockquote>\n