Unpatched Vulnerability with Citrix ADC / Gateway!

Just before the Xmas holidays, Citrix released CTX267027, announcing a remote code execution vulnerability in their ADC and Gateway products, formerly NetScaler and NetScaler Gateway.

The vulnerability, known as CVE-2019-19781, allows an attacker to execute code on vulnerable gateways and SD-WAN WANOP appliances, even from remote sites and without any authentication. As of now, there’s no fix / patch available from Citrix, but they released CTX267679 explaining mitigation steps. Put plainly, Citrix recommends configuring a responder policy to prevent those attacks and binding it globally to your ADC / Gateway instances. The process is described in CTX267679.

We will keep you informed of any further fixes / patches and new firmware releases. In the meantime: take action, responsibility is yours.

Update: we’ve been very busy helping customers get rid of those crypto miners and back doors installed on vulnerable systems. In some cases, a full rebuild of their ADC / Gateway environment was needed; some MPX appliances needed to receive new system disks from Citrix, others reported a full RMA of their MPX. Colleagues at PTEC and CUCG reported several issues and oddities with the new firmware versions released to fix the CVE-2019-19781 vulnerability. Maybe I’ll write a roundup and post it here, I dunno …

The firmware updates are available for all ADC / Gateway and SD-WAN WANOP platforms, please find ’em here:

Please keep in mind, NSOS 11.0 is not supported anymore, so there’s no updated firmware available. So update all your 10.5 environments out there!

Cheers,
Jochen.
