CISA Alerts

AA20-031A: Detecting Citrix CVE-2019-19781

Original release date: January 31, 2020 | Last revised: February 18, 2020 Summary Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1] Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations …

AA20-031A: Detecting Citrix CVE-2019-19781 Read More »

AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

Original release date: January 20, 2020 | Last revised: January 27, 2020 Summary Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1]  On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0. On January 22, 2020, Citrix released security …

AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP Read More »

AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems

Original release date: January 14, 2020 Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. On January 14, 2020, Microsoft …

AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems Read More »

AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

Original release date: January 10, 2020 | Last revised: April 15, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. [1] Although Pulse …

AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability Read More »

AA20-006A: Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

Original release date: January 6, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic …

AA20-006A: Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad Read More »