Users of Citrix servers are exposed to danger

A vulnerability has been discovered in Citrix servers. Hackers can use these servers to gain access to company networks. Those networks can then be infected with ransomware, with severe consequences. The chances of a successful attack are high. We explain how this vulnerability affects companies and what you can do to reduce the risk.

Posted on January 14, 2020 in Blog.

The danger of Shitrix

A vulnerability (CVE-2019-19781, codenamed Shitrix) has been discovered in Citrix Application Delivery Controller and Citrix Gateway, formerly known as NetScaler ADC and NetScaler Gateway. This vulnerability allows a hacker to execute arbitrary code and obtain full control over the Citrix ADC and Citrix Gateway systems. Once access to these systems has been obtained, an attacker can use them as a stepping stone to attack the internal IT infrastructure of the targeted organization.

The vulnerability affects all recent (major) versions of these products. It can be exploited by any attacker with network access to the systems, without valid login credentials. Since many organizations expose Citrix ADC and Citrix Gateway directly to the internet, there is an increased risk of successful attacks, especially since working exploit code has been published on the internet.

Is my system vulnerable?

Tens of thousands of vulnerable servers have been found all over the world. In the Netherlands, hundreds of companies have vulnerable systems. Do you want to know if your company is in danger? Check whether your system is vulnerable with the Python tool at github.com.

How to reduce the risk of a successful attack?

At the time of writing, no updates are available to resolve the vulnerability. Citrix expects to release the first updates starting January 20th, 2020. More information about the vulnerability and the expected updates can be found at support.citrix.com.

To limit the risk of exploitation, Citrix has published mitigating steps at support.citrix.com. Unfortunately, these steps do not appear to be effective enough in all cases. In line with the NCSC, Qbit recommends taking all Citrix ADC and Citrix Gateway systems offline as long as no official patches have been released. As soon as the patches have been released, install them as quickly as possible.

By Erik Rutkens

CEO and founder Qbit
