Citrix, as planned, released the patches to address the CVE-2019-19781 vulnerability for Application Delivery Controller (ADC) and Gateway. At least 80,000 organizations in 158 countries are exposed to the flaw.
Citrix, as planned, released the patches to address the CVE-2019-19781 vulnerability for Application Delivery Controller (ADC, formerly NetScaler ADC) and Gateway. The flaw was disclosed in recent days and confirmed by the vendor. The problem originates from gaps in how the web interfaces of the affected appliances handle HTTP client requests, which make it possible for a remote attacker to execute arbitrary commands on the system and to install backdoors and malware without any authentication. Moreover, the zero-day vulnerability has already been exploited by cybercriminals in waves of attacks against many targets. Cyber security experts warn that at least 80,000 organizations in 158 countries are exposed. Furthermore, some recently released PoCs allow attackers to create reverse shells and execute commands on compromised devices, leading to full control of them.
FireEye cyber security experts: cybercriminals tried to exploit CVE-2019-19781, spreading fake remediation tools such as NOTROBIN
Cyber security experts released some tools to address the Citrix CVE-2019-19781 vulnerability. Some of them, such as the Cybersecurity and Infrastructure Security Agency (CISA) utility, enable users and administrators to test whether their software is susceptible to attack. But others are malicious. FireEye warned that cybercriminals were distributing the NOTROBIN payload. The software does block exploitation of the flaw, but at the same time it leaves an open backdoor on the infected devices. According to the company, upon gaining access to a vulnerable NetScaler device, the threat actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts. But all is not as it seems, as NOTROBIN maintains backdoor access for anyone who knows a secret passphrase. This actor may be quietly collecting access to NetScaler devices for a subsequent campaign.