On 17 December 2019 a vulnerability in Citrix Application Delivery Controller, formerly known as NetScaler, was disclosed. It has been assigned CVE-2019-19781. Since the past weekend, working methods to exploit this CVE have been made public. This is a serious vulnerability that malicious actors can use to penetrate your network, with all the consequences that entails. Northwave sent a Threat Response regarding these exploits yesterday. The Threat Response can be found at https://northwave-security.com/threat-response-citrix-gateway-adc-rce-cve-2019-19781/.
Northwave has seen these exploits in active use to try to penetrate various organisations’ infrastructure. In several cases, the Northwave CERT has been activated to mitigate an attack.