An attacker can exploit this vulnerability to gain full access to the system and penetrate further into the network. Your systems might have already been compromised due to this vulnerability.
The vulnerable systems are commonly used—by our estimates, over 80,000 companies from 158 countries are at risk.
The vulnerability has been assigned CVE-2019-19781. The vulnerability can be found in all supported product versions and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, Citrix NetScaler ADC and NetScaler Gateway 10.5.
In most cases, Citrix applications are accessible on the perimeter of a company's network, which makes them particularly susceptible to attacks. By exploiting this vulnerability, an external unauthenticated attacker can obtain access to published applications and even use the Citrix server to perform attacks on other resources of the company's internal network.
What can you do?
Before an official patch for Citrix systems is released, we recommend that you do the following:
1. Implement Citrix configuration recommendations to prevent the exploitation of the vulnerability: https://support.citrix.com/article/CTX267679
2. Restrict or completely block access to vulnerable Citrix systems from the internet.
3. If you have PT Application Firewall deployed, configure it to block dangerous requests to ensure real-time protection. We have updated the PT Application Firewall knowledge base, which now includes rules for detecting this type of attacks.