DHS warns of Citrix vulnerability under attack

Credit Citrix blog

PARCA eNews – Jan. 18, 2020 – The Department of Homeland Security’s cybersecurity unit has issued an alert about a weakness in the Citrix Application Delivery Controller and Ctirx Gateway web server applications that are experiencing active attacks.

A patch is under development but is not expected to be available until the week of January 20, 2020. In the meantime, Citrix says exploiting the vulnerability could allow unauthenticated attackers to perform arbitrary code executions, and is strongly advising customers to apply "relevant mitigations" and update the firmware as soon as it becomes available.

Relevant mitigations refer to a series of configuration changes the company recommends for CVE-2019-19781, formerly known as NetScaler ADC and NetScaler Gateway.

A wide array of systems have experienced attacks including government, finance and healthcare institutions.

Sources: InfoSecurity news and HIPAA Journal

Credit Citrix blog