Hello, welcome to the Friday, December 27th, 2019 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich. And the time recording from Jacksonville, Florida.

Well, I told you I want to publish at least one more podcast, and we also had a number of great diaries over the holidays, but the couple of

minutes I have your attention for, I really don't want to waste and focus on one particular

issue that you definitely should address as quickly as possible.

And that's a vulnerability in the Citrix application delivery controller and Citrix Gateway.

Those systems used to be known as NetScaler and NetScaler Gateway before Citrix acquired the product.

So the problem here is that this is a relatively easy to exploit directory traversal vulnerability that allows arbitrary

code execution on these products, which of course usually secure your perimeter. Now, with

this access, an attacker, for example, could get access to your network or, of course, manipulate

these devices. Citrix did originally publish

an advisory on the 17th. It hasn't really gotten much attention, but on the 23rd, so on Monday

this week, positive technologies which originally discovered this vulnerability did publish their

blog post and that really has gotten more attention.

So now there is more focus on this vulnerability and also more awareness, of course, likely

also among the bad guys.

Good news at this point, I don't see any exploit attempts against

this vulnerability using our honeypots, but then again our honeypots aren't really good in

emulating these Cytrics devices. We may fix this. So different really more sort of get

internet wide scans for the vulnerability and not so much more targeted attempts.

And of course, most enterprises I would guess have a Syrac's device like this summer in their network.

So certainly important. So what should you do? Well, read up on the advisory.

...