
01/08/2020

VERT Threat Alert: Citrix NetScaler/ADC Critical Flaw (CVE-2019-19781)

The State of Security

Vulnerability Description

Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT’s research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the attacker to bypass an authorization constraint to create a file with user-controlled content which can then be processed through a server-side scripting language. Other paths towards code execution may also exist.

Exposure and Impact

All supported product versions of Citrix ADC (formerly NetScaler) and Citrix Gateway are impacted. An attacker can exploit this with access to the web interface on either the ADC/NS IP or the virtual IP used for VPN portals, regardless of which features are licensed or configured. Successful exploitation allows the attacker to take complete control of the affected system. Once an attacker has control over the system, they can access private network resources and can further compromise the network by hijacking authenticated user sessions or stealing user credentials.
