Two Citrix products have been found to contain a critical flaw that threatens the networks of 80,000 corporations in 158 nations. With 38% of the vulnerable systems, firms in the U.S. face the greatest risk, followed by the UK, Germany, the Netherlands, and Australia.
Positive Technologies found a critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway.
It may allow attackers to gain access to an organization's local network and internal access credentials.
The easily exploitable flaw affects all supported versions of the product and all supported platforms, including Citrix NetScaler ADC and NetScaler Gateway 10.5, Citrix ADC and NetScaler Gateway 11.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 12.1, and Citrix ADC and Citrix Gateway 13.0.
The vulnerability, described as critical, has yet to be assigned a CVSS severity score.
Upon exploitation, the attacker would not need any authentication to access any accounts.
Unauthorized access can be further exploited to reach published applications and other internal network resources from the Citrix servers.
Citrix applications are used to give workers terminal access to internal company applications from any device over the Internet.
Citrix has partially addressed the security flaw by publishing a set of mitigation measures for standalone systems and clusters in a knowledge-base article.
Symantec further recommended that firms block external access at the edge of the network and use intrusion detection programs to monitor accessible links. This isn't the first time that Citrix has had to deal with a critical security vulnerability.
In March, the FBI notified the company that attackers had breached its network and downloaded business documents.