ALERT — Vulnerability in Citrix ADC (NetScaler)
On 27 December 2019, a critical vulnerability was identified in Citrix ADC (NetScaler) products, versions 10.5, 11.1, 12.0, 12.1, and 13.0. The vulnerability permits unauthenticated remote code execution on affected systems.
A compromised system can also be used for lateral movement into the networks connected to it, a material risk that must be assessed and mitigated.
We tracked approximately 1 700 potentially vulnerable systems across Italy.
Potentially vulnerable systems by city and organization
Italian financial and banking institutions at elevated risk
Financial and banking institutions, as well as organizations providing outsourced IT services to the banking sector, represent high-value targets. Many of these entities expose potentially vulnerable systems.
We conducted a vulnerability assessment of leading Italian Banking and Finance sector organizations and identified the following exposure profile (institution names have been anonymized; the numbers are the count of exposed vulnerable systems per institution):

Financial institutions with highest count of potentially vulnerable systems
Attack detection
To identify potential exploitation attempts or system compromise, execute the following command:
ssh -t sistema.citrix.local 'grep -r "/../vpns/" /var/log/http*'
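
The same check as an added example (not part of the original advisory or of Citrix's guidance), reading log lines on stdin: it escapes the dots so that `..` is matched literally, also matches percent-encoded dots (a generalization beyond the command above), and counts hits per client address. The sample log lines are constructed, and the client address being the first field of each line is an assumption.

```shell
#!/bin/sh
# Added example: look for the "/../vpns/" traversal marker in HTTP access logs.

# Print the log lines (read from stdin) that contain the marker.
# In the plain pattern "/../vpns/" each "." matches any character, so a
# benign path such as "/ab/vpns/" also hits. Here the dots are escaped and
# the percent-encoded form %2e is accepted as well (case-insensitive).
scan_vpns_traversal() {
    grep -i -E '/(\.|%2e)(\.|%2e)/vpns/'
}

# Summarise matches as "count client_ip", most active source first.
# Assumption: the client address is the first whitespace-separated field.
summarise_sources() {
    scan_vpns_traversal |
        awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# Constructed sample log lines using documentation address ranges.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Jan/2020:08:01:02 +0100] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [10/Jan/2020:08:03:11 +0100] "GET /x/../vpns/example HTTP/1.1" 200 143
198.51.100.7 - - [10/Jan/2020:08:03:12 +0100] "POST /x/%2E%2e/vpns/example HTTP/1.1" 200 143
203.0.113.5 - - [10/Jan/2020:09:15:40 +0100] "GET /ab/vpns/example HTTP/1.1" 404 0
EOF
}

# Demonstration on the constructed sample.
sample_log | summarise_sources
```

On an appliance, the log files can be fed in the same way, for example `cat /var/log/http* | summarise_sources`. A hit shows that a request was made, not that it succeeded, so matching sources still need follow-up on the system itself.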

Mitigation and additional information
No patch has been released to remediate this vulnerability. Organizations should implement compensating controls through Cybersecurity Advisory engagement and vendor mitigation guidance.
Mitigation procedures are available at: https://support.citrix.com/article/CTX267679

