Unpatched Citrix bug being exploited


By Dylan Bushell-Embling
Friday, 17 January, 2020

Unpatched Citrix bug being exploited

Cybercriminals are actively exploiting the critical vulnerability discovered in the Citrix Application Delivery Controller and Citrix Gateway disclosed late last year, the Australian Cyber Security Centre has warned.

Citrix has disclosed that cyber attackers are performing scans to find organisations vulnerable to the exploit.

The vulnerability potentially enabled unauthenticated attackers to execute arbitrary code, and there is currently no patch available. More than 3500 Australian companies could be vulnerable to attack.

Citrix has issued a list of mitigations, which the ACSC is urging Australian organisations running the affected applications to implement as soon as possible.

The mitigation steps include manually entering commands to make changes to management interfaces and responder policies.

Citrix expects to reduce an upgraded, fixed version of the firmware at the end of the month.

Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a utility to allow users and administrators to test whether their Citrix software is susceptible to the vulnerability.

According to Citrix, the impacted products are the Citrix ADC and Gateway versions 10.5, 11.1, 12.0, 12.1 and 13.0.

Image credit: ©stock.adobe.com/au/zephyr_p

Related News

Illumio launches AI-powered threat detection platform

The Illumio Insights threat detection solution is designed to help organisations rapidly detect...

GenAI 'grey bots' scraping data from websites

Research from Barracuda has highlighted the issue of morally and legally ambiguous 'grey...

Tanium partners with DXC on endpoint management

Tanium has secured a partnership agreement with DXC that will leverage the company's...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd