Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide.
Citrix Application Delivery Controller and Citrix Gateway servers (formerly known as NetScaler ADC and NetScaler Gateway respectively) were found in December to contain a security vulnerability that “could allow an unauthenticated attacker to perform arbitrary code execution.”
Citrix has not at the time of writing released a patch for the critical vulnerability, which is officially called CVE-2019-19781 but also goes by the more colloquial moniker of “Shitrix”.
Instead, the company has detailed a series of mitigation steps to apply until permanent fixes, in the form of firmware updates, are made available, hopefully by the end of the month.
Unfortunately, proof-of-concept code demonstrating how the vulnerability can be exploited has been published on the internet, and it now appears to be in use against vulnerable Citrix appliances, as researchers Troy Mursch and Kevin Beaumont report.
Mursch says that a scan he conducted found over 25,000 vulnerable Citrix systems, in 122 countries across the globe. Affected organisations include government and military agencies, public universities, hospitals, and financial institutions.
One fear is that an attacker might exploit the flaw to spread a ransomware or cryptomining attack.
If you are responsible for securing your company’s infrastructure, follow Citrix’s mitigation recommendations now to prevent the Shitrix from hitting the fan in your organisation, and ready yourself to update the firmware as soon as the official patches come out.
Further reading: Hackers close Shitrix security hole to keep everyone out apart from themselves