The Recent Citrix Breach

by | Feb 20, 2020 | Security

If the recent Citrix breach has you concerned, it’s understandable. Citrix revealed last month that the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP have a vulnerability that could allow an unauthenticated attacker to perform arbitrary code execution. (Note that the Citrix ADC was formerly known as NetScaler ADC and Citrix Gateway was formerly known as NetScaler Gateway.)

Let’s dig into what all this means and how to respond.

The Recent Citrix Breach Explained

The vulnerability is being tracked as CVE-2019-197981 and has been assigned a CVSS 3.x severity score of 9.8 by the National Institute of Standards and Technology (NIST). When Citrix initially revealed the flaw, no patch was available, and the flaw had the potential to impact up to 80,000 organizations in 159 countries. According to Citrix, the following product versions were impacted:

  • Citrix ADC and Citrix Gateway version 13.0 and all supported builds before 13.0.47.24.
  • NetScaler ADC and NetScaler Gateway version 12.1 and all supported builds before 12.1.55.18.
  • NetScaler ADC and NetScaler Gateway version 12.0 and all supported builds before 12.0.63.13.
  • NetScaler ADC and NetScaler Gateway version 11.1 and all supported builds before 11.1.63.15.
  • NetScaler ADC and NetScaler Gateway version 10.5 and all supported builds before 10.5.70.12.
  • Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO and all supported software release builds before 10.2.6b and 11.0.3b.
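To triage an appliance inventory against the ADC and Gateway builds listed above, a short script can compare each reported version with the first fixed build for its release train. This is an added example, not a Citrix tool or code from the original post; the hostnames are constructed, the banner layout it accepts is an assumption, and SD-WAN WANOP builds (which carry a letter suffix) are deliberately left unparsed for manual review.

```python
import re

# First fixed build per release train, taken from the list above.
FIXED_BUILDS = {
    (13, 0): (47, 24),
    (12, 1): (55, 18),
    (12, 0): (63, 13),
    (11, 1): (63, 15),
    (10, 5): (70, 12),
}

# Accepts "13.0.47.24", "12.1-55.13", or a banner such as
# "NetScaler NS12.1: Build 55.13.nc" (banner layout is an assumption).
_VERSION_RE = re.compile(
    r"(?<!\d)(\d+)\.(\d+)(?:[.\-]|:\s*Build\s+)(\d+)\.(\d+)(?!\d)",
    re.IGNORECASE,
)


def parse_version(text):
    """Return ((major, minor), (build, patch)) or raise ValueError."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no ADC/Gateway version found in {text!r}")
    major, minor, build, patch = map(int, match.groups())
    return (major, minor), (build, patch)


def classify(text):
    """Classify one version string as affected, fixed, unlisted or unparsed."""
    try:
        train, build = parse_version(text)
    except ValueError:
        return "unparsed"   # e.g. SD-WAN WANOP builds such as "10.2.6b"
    fixed = FIXED_BUILDS.get(train)
    if fixed is None:
        return "unlisted"   # release train not covered by the list above
    # Tuple comparison: (55, 13) < (55, 18) is True, (55, 180) < (55, 18) is False.
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map each hostname to its status given {hostname: version string}."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = {
        "adc-edge-01": "NetScaler NS12.1: Build 55.13.nc",
        "adc-edge-02": "13.0.47.24",
        "gw-branch-01": "11.1-63.9",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Anything reported as "unlisted" or "unparsed" still needs a manual check against the vendor advisory.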

As soon as the vulnerability was announced, bad actors started scanning the internet for vulnerable machines, according to ZDNet. In response, Citrix announced a timeline of patches, all of which were released by January 24.

Responding to the Recent Citrix Breach

The first step in responding to the breach is to update any impacted products to the most recent build. If for some reason you can’t update immediately, Citrix has recommended remediation steps to use until you can upgrade.

Once you’ve updated your Citrix product, we recommend running tests to verify that the threat has been mitigated. Citrix offers a verification tool that you can use to verify resolution, but you may want to take additional security steps.

Getting Professional Guidance

The Citrix vulnerability is just one of many. It takes time to keep up with the changing nature of security threats.

That’s where we can help. Our security experts are familiar with the latest security vulnerabilities. We’ve conducted extensive remediation and testing work for a variety of clients. To learn more about our managed Security Information and Event Management (SIEM) services, check out our SIEM page.

And if you would like to speak to an expert about your specific needs, please don’t hesitate to contact us.