Citrix – Vulnerability

Citrix has finally released security patches for all the builds affected by a critical vulnerability that was first reported back in 17th December 2019.  This vulnerability was found in the Citrix Application Delivery Controller (ADC) and Citrix Gateway and allows unauthorised users to execute code on a network.  There have been reports of the issue being exploited since early January this year but initially Citrix only provided migration advice for those affected to help prevent possible attacks.

It is now advised that affected organisations apply the latest fixes as soon as possible and investigate their networks to find out whether exploitation has already taken place.  A scanning tool has been developed by Citrix and Mandiant FireEye to enable users to do this as it analyses available log sources and system forensic artefacts. The tool can be found here.