Positive Technologies has uncovered a vulnerability in Citrix’s software offerings that put tens of thousands of companies at risk. The vulnerability, which affects Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway), was found by Positive Technologies cybersecurity expert Mikhail Klyuchnikov.
The vulnerability allowed hackers to gain direct access to companies from the internet. Worse, an attacker does not need an account to take advantage of it.
According to the Positive Technologies report, the affected companies are located mostly in the US, followed by the UK, Germany, the Netherlands, and Australia. Companies in other parts of the world could be at risk too: the report stated that around 80,000 companies in 158 countries could be at risk.
According to ITProPortal, “this vulnerability affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5.”
“Citrix applications are widely used in corporate networks. This includes their use for providing terminal access of employees to internal company applications from any device via the Internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat,” says Dmitry Serebryannikov, Director of Security Audit Department, Positive Technologies.
Citrix was quick to respond to the issues raised by Positive Technologies and released a set of measures to mitigate the effect, which include updating all vulnerable versions.