Last month Citrix disclosed a critical security hole (CVE-2019-19781) in both its Application Delivery Controller and Unified Gateway (formerly known as NetScaler ADC and NetScaler Gateway). What’s bad about this security hole is that thousands of systems worldwide were thought to be at risk. Yesterday, BadPackets found a staggering 25,000 of them without really trying too hard.
Well, if you haven’t patched this, then you might be in trouble. Researchers have now publicly shared working exploit code for the remote takeover bug. The proof-of-concept code can be used to trivially achieve arbitrary code execution with no account credentials. Which of course is bad. But what is worse is that attacks have apparently already begun. Which means that as I type this, you might already be pwned by hackers. Thus I would suggest that if you have a Citrix Application Delivery Controller and Unified Gateway, you might want to put down that coffee and check to see if you’re protected from this. And if you aren’t, I’d be applying patches ASAP. Plus I’d be taking a look at your IT infrastructure to see if the bad guys are already in and setting up shop.