The network manufacturer Citrix has now published the first security patches for a massive vulnerability discovered in Citrix ADC. The Citrix Application Delivery Controller and the Citrix Gateway are used by numerous companies around the world to reduce network delays and to utilize their infrastructure more evenly. The vulnerability lets attackers remotely inject and execute malicious code, numerous security providers warn.
It Actually Started Quite Unspectacularly
A security vulnerability was found in a Citrix network balancer in mid-December. This software is used worldwide, both in companies and by network operators, to distribute network load evenly and so avoid delays at peak load. Among other things, this makes web services less susceptible to DDoS attacks. The vulnerability, however, allows an attacker to run any application remotely and is therefore highly critical.
Citrix ADC Is Used By A Large Number Of Companies
Until the weekend, there was still no program code with which the vulnerability could be exploited. Criminals therefore initially limited themselves to looking for potentially vulnerable systems. An attack can be carried out with relatively little effort. Experts speak of one of the most dangerous vulnerabilities in recent years. Because Citrix ADC and NetScaler Gateways are used by a large number of companies and network providers worldwide, it didn’t take long for attackers to start looking for vulnerable systems. Citrix quickly compiled a list of immediate measures for operators of affected systems and strongly advised them to implement these measures. A secure version of Citrix ADC is expected shortly. The most up-to-date information, including the dates on which patches will be available, can be found on the Citrix website.
Citrix recommends that administrators update the products to corrected firmware. However, this is not yet available. As soon as it is, registered customers will be notified. Until then, those affected can take some measures to mitigate the vulnerability. According to Positive Technologies, the vulnerability enables attackers to access local corporate networks without the need for an account. At least 75,000 companies in 150 countries are potentially at risk. With a share of 37 percent, US companies are the most affected worldwide. However, companies in Australia and the UK are also at risk.