Multiple vulnerabilities have been discovered in Citrix ADC and Gateway, the most severe of which could allow for Authentication Bypass. Citrix ADC and Gateway is an Application Delivery Controller and a gateway service to products respectively. Successful exploitation of the most severe of these vulnerabilities could result in Authentication Bypass. A malicious actor may be able to obtain administrative access. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
- ADC and Gateway 13.1
- ADC and Gateway 13.0
- ADC and Gateway 12.1
- ADC 12.1 FIPS
- ADC 12.1-NDcPP
Companies should have an accurate inventory of all their hardware and software assets. Review those databases to determine your potential impact. You could also review vulnerability scan data for potential exposure. In all cases, if you find yourself exposed you should follow your vulnerability alert management process and patch according to the timelines it suggests. For CyberHoot vCISO clients, this is a Severity 1 issue that should be patched within 1-3 days.
Emergency Workaround if Patching is not Possible:
There are currently no known work-arounds to alleviate these risks outside of patching.
You have a Vulnerability Alert Management Process, right?
If you’re a subscriber to CyberHoot’s awareness training platform, you have access to our Policy and Process library which contains the Vulnerability Alert Management Process (VAMP) document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.
If you’re a vCISO client, we’ve built this process for you and now you must execute according to the prescribed measures and timeframes. If you’re not a vCISO client or CyberHoot Product subscriber, perhaps you want to sign up here.