Original release date: January 20, 2020 | Last revised: January 27, 2020
Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1]
On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0.
On January 22, 2020, Citrix released security updates for vulnerable SD-WAN WANOP appliances.
On January 23, 2020, Citrix released firmware updates for Citrix ADC and Gateway versions 12.1 and 13.0.
On January 24, 2020, Citrix released firmware updates for Citrix ADC and Gateway version 10.5.
A remote, unauthenticated attacker could exploit CVE-2019-19781 to perform arbitrary code execution.[2] This vulnerability has been detected in exploits in the wild.[3]
The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends that all users and administrators upgrade their vulnerable appliances as soon as possible.
On December 17, 2019, Citrix reported vulnerability CVE-2019-19781. A remote, unauthenticated attacker could exploit this vulnerability to perform arbitrary code execution. This vulnerability has been detected in exploits in the wild.
The vulnerability affects the following appliances:
Citrix and FireEye Mandiant released an IOC scanning tool for CVE-2019-19781 on January 22, 2020. The tool aids customers with detecting potential IOCs based on known attacks and exploits.[13]
See the National Security Agency’s Cybersecurity Advisory on CVE-2019-19781 for other detection measures.[14]
CISA released a utility that enables users and administrators to detect whether their Citrix ADC and Citrix Gateway firmware is susceptible to CVE-2019-19781.[15] CISA encourages administrators to visit CISA’s GitHub page to download and run the tool.
CISA strongly recommends users and administrators update Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP as soon as possible.
The fixed builds can be downloaded from Citrix Downloads pages for Citrix ADC, Citrix Gateway, and Citrix SD-WAN.
Until the appropriate update is implemented, users and administrators should apply Citrix’s interim mitigation steps for CVE-2019-19781.[16] Verify the successful application of the above mitigations by using the tool in CTX269180 – CVE-2019-19781 – Verification Tool. Note: These mitigation steps apply to Citrix ADC and SD-WAN WANOP deployments.[17]
Refer to Table 1 for Citrix’s fix schedule.[18]
Table 1. Fix schedule for Citrix appliances vulnerable to CVE-2019-19781
Vulnerable Appliance | Firmware Update | Release Date |
---|---|---|
Citrix ADC and Citrix Gateway version 10.5 | Refresh Build 10.5.70.12 | January 24, 2020 |
Citrix ADC and Citrix Gateway version 11.1 | Refresh Build 11.1.63.15 | January 19, 2020 |
Citrix ADC and Citrix Gateway version 12.0 | Refresh Build 12.0.63.13 | January 19, 2020 |
Citrix ADC and Citrix Gateway version 12.1 | Refresh Build 12.1.55.18 | January 23, 2020 |
Citrix ADC and Citrix Gateway version 13.0 | Refresh Build 13.0.47.24 | January 23, 2020 |
Citrix SD-WAN WANOP Release 10.2.6 | Build 10.2.6b | January 22, 2020 |
Citrix SD-WAN WANOP Release 11.0.3 | Build 11.0.3b | January 22, 2020 |
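
The following is an added example, not code from CISA or Citrix: a fleet check that compares Citrix ADC and Citrix Gateway version banners against the refresh builds in Table 1. It assumes banners shaped like `NS12.1: Build 55.18.nc` and that later builds on the same release branch include the fix; the hostnames and sample banners are constructed, and SD-WAN WANOP builds are out of its scope.

```python
import re

# First fixed build per release branch, copied from Table 1.
FIXED_BUILDS = {
    "10.5": (70, 12),
    "11.1": (63, 15),
    "12.0": (63, 13),
    "12.1": (55, 18),
    "13.0": (47, 24),
}

# Assumed banner shape: "NS<branch>: Build <major>.<minor>" (adjust to your inventory export).
BANNER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def classify(banner):
    """Return 'fixed', 'needs-update' or 'unknown' for one version banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"  # unparseable: review by hand, never assume fixed
    fixed = FIXED_BUILDS.get(m.group(1))
    if fixed is None:
        return "unknown"  # release branch not listed in Table 1
    # Compare as integer tuples: as strings, "63.9" would sort above "63.15".
    build = (int(m.group(2)), int(m.group(3)))
    return "fixed" if build >= fixed else "needs-update"


def audit(inventory):
    """Map hostname -> status for an iterable of (hostname, banner) pairs."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hostnames and banners are illustrative).
SAMPLE = [
    ("adc-edge-01", "NetScaler NS12.1: Build 55.18.nc, Date: Jan 23 2020"),
    ("adc-edge-02", "NetScaler NS11.1: Build 63.9.nc, Date: Oct 19 2019"),
    ("gw-dmz-01", "NetScaler NS13.0: Build 47.22.nc, Date: Nov 28 2019"),
    ("gw-lab-01", "version string missing from export"),
]

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:12} {status}")
```

A `fixed` result only describes the installed build; it says nothing about whether the appliance was compromised before the update, which is what the IOC scanning tool referenced above is for.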
Administrators should review NSA’s Citrix Advisory for other mitigations, such as applying the following defense-in-depth strategy:
“Consider deploying a VPN capability using standardized protocols, preferably ones listed on the National Information Assurance Partnership (NIAP) Product Compliant List (PCL), in front of publicly accessible Citrix ADC and Citrix Gateway appliances to require user authentication for the VPN before being able to reach these appliances. Use of a proprietary SSLVPN/TLSVPN is discouraged.”