Threat Response: UPDATE – Citrix Gateway/ADC RCE (CVE-2019-19781)

18-01-2019

Last Tuesday, on the 14th of January, we informed you[1] about vulnerabilities in Citrix Gateway and ADC[2]. Earlier tonight, several updates around the Citrix vulnerabilities have been published by NCSC-NL[3].

At this point in time, Northwave has reviewed all the information that is currently publicly available on the Citrix vulnerability. In addition to this information, Northwave has also analyzed the available exploits and several cases where Citrix servers were exploited.

Currently, we can see that the mitigation steps as prescribed by Citrix are effective. Updating the services if necessary, and applying the mitigation rules, in that order, renders the exploit ineffective. Based on these facts, we see no reason to take Citrix services fully offline if the correct mitigation measures were applied.

However, we do recognize the serious advice as given by the NCSC, based on information provided by the Dutch intelligence services. Therefore, if you require *full* assurance that the services are not vulnerable anymore, or if you are (related to) vital infrastructure, we recommend following this advice.

Please take into account that if you applied the mitigation measures after January 8, chances are your system has been compromised as attacks were seen starting on that date. If you see any suspicious activity, or require a forensic investigation, please contact the Northwave CERT.

If new critical information about this threat arises, we will reach out to you. If you need additional information, you can call us or send us an email.

Phone number: +31 (0)30-303 1244 (during business hours)

E-mail: soc@northwave.nl

Do you have an incident right now? Call our CERT number: 0800-2255 2747

Disclaimer applies, see below.

Sources

[1] https://northwave-security.com/threat-response-citrix-gateway-adc-rce-cve-2019-19781/

[2] https://support.citrix.com/article/CTX267027

[3] https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief

 

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.