Recently, two exploits appeared on GitHub for the critical vulnerability CVE-2019-19781, found in the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).
Let me remind you that, according to experts, this problem threatens 80,000 companies in 158 countries and allows hackers to take over devices, gaining access to the companies' internal networks. The bug is so serious that it is considered one of the most dangerous errors discovered in recent years.
More than a month has passed since the discovery of the problem, but Citrix developers have not yet released a patch; they have only published security recommendations for their customers explaining how to reduce the risk. The developers currently promise to fix the problem before the end of the current month.
Information security experts, meanwhile, warn that hackers have already begun to "test the waters" and figure out how best to exploit the problem.
In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using ../ directory traversal (a variant of this issue). So this is in the wild, active exploitation starting up. https://t.co/pDZ2lplSBj
– Kevin Beaumont (@GossiTheDog) January 8, 2020
Hosts vulnerable to CVE-2019-19781 have already been enumerated by threat actors. Apply the mitigation ASAP! https://t.co/9MOvnSnjUb
– Bad Packets Report (@bad_packets) January 10, 2020
Even worse, PoC exploits for the vulnerability have now been published on GitHub: the first was created by a group of information security researchers, Project Zero India; the second belongs to developers from TrustedSec.
Interestingly, TrustedSec experts initially did not plan to publish their exploit in the public domain, as they understood that this would cause a surge in attempts to exploit the problem. However, seeing that others had already published the code of their exploits, TrustedSec experts decided to keep up.