If You Haven’t Patched Your Citrix Application Delivery Controller and Unified Gateway, You Might Already Be Pwned By Hackers

Last month Citrix disclosed a critical security hole (CVE-2019-19781) in both its Application Delivery Controller and Unified Gateway (formerly known as Netscaler ADC and Netscaler Gateway). What’s bad about this security hole is that thousands of systems planet wide were thought to be at risk. BadPackets found a staggering 25000 of them without really trying too hard yesterday.

Well, if you haven’t patched this, then you might be in trouble. Researchers have now publicly shared working exploit code for the remote takeover bug. The proof-of-concept code can be used to trivially achieve arbitrary code execution with no account credentials. Which of course is bad. But what is worse is that attacks have apparently already begun. Which means that as I type this, you might already be pwned by hackers. Thus I would suggest that if you have a Citrix Application Delivery Controller and Unified Gateway, you might want to put down that coffee and check to see if you’re protected from this. And if you aren’t, I’d be apply patches ASAP. Plus I’d be taking a look at your IT infrastructure to see if the bad guys are already in and setting up shop.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: