{"id":12765,"date":"2020-01-24T00:15:00","date_gmt":"2020-01-23T23:15:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12765"},"modified":"2020-03-27T05:46:02","modified_gmt":"2020-03-27T04:46:02","slug":"citrix-vulnerability-new-updates-and-scanners-for-testing","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/01\/24\/citrix-vulnerability-new-updates-and-scanners-for-testing\/","title":{"rendered":"Citrix vulnerability: New updates and scanners for testing"},"content":{"rendered":"

[German<\/a>]Citrix developers have now released further firmware updates to close the vulnerabilities reported before Christmas 2019. There is also a scanner to detect Citrix systems compromised via the CVE-2019-19781 vulnerability. And there is a critical vulnerability in Cisco Firepower.<\/p>\n

<\/p>\n

Citrix vulnerability CVE-2019-19781<\/h2>\n

\"\"A vulnerability (CVE-2019-19781<\/a>) exists in the Citrix Application Delivery Controller (ADC), formerly NetScaler ADC, and in Citrix Gateway, formerly NetScaler Gateway, that could allow attackers to execute unwanted code. If this vulnerability is exploited, attackers can gain direct access to the corporate local network from the Internet. This attack does not require access to any accounts and therefore can be executed by any remote attacker. I first reported the vulnerability in Citrix products before Christmas 2019 in the blog post Vulnerability in Citrix Apps put companies at risk<\/a>.<\/p>\n

Firmware updates for Citrix products<\/h2>\n

The first firmware update for the Citrix ADC\/Netscaler 11.1\/12.0 was released on January 19, 2020, and Citrix has also published a blog entry on the topic of\u00a0 Vulnerability Update: First permanent fixes available, timeline accelerated<\/a>. Permanent fixes for the ADC versions 11.1 and 12.0 are available for download here<\/a> and here<\/a>.<\/p>\n

I had reported patches for Citrix ADC\/Netscaler 11.1\/12.0 available (19.1.2020) in the blog post Citrix ADC\/Netscaler patches 11.1\/12.0 released (01\/19\/2020)<\/a>, for more details see the Citrix blog post<\/a>. There the release dates and the versions for the updates are listed.<\/p>\n

\n

The permanent security patch \/ firmware for @Citrix<\/a> CVE-2019-19781 is now available for all versions: 11.0, 11.1, 12.0, 12.1 and 13.0 Happy updating! https:\/\/t.co\/q0PNaR8EpL<\/a> #CitrixADC<\/a> #NetScalerRocks<\/a> pic.twitter.com\/V2vkp0E0If<\/a><\/p>\n

\u2014 Anton van Pelt (@AntonvanPelt) January 23, 2020<\/a><\/p><\/blockquote>\n