New: Jan 15 2020

Citrix has announced a critical vulnerability in its Citrix Application Delivery Controller (ADC) and Citrix Gateway products. If exploited, it could allow unauthenticated attackers to gain remote access to networks and carry out arbitrary code execution. A proof-of-concept exploit is known to be available.

Recommended Actions:

There is no patch or update available at this time. The vendor has described a workaround:

https://support.citrix.com/article/CTX267679

Please monitor the vendor site for software updates.

Information Security Response:

An initial scan of the University’s networks found 123 active Citrix servers. None were found to be vulnerable at this time. Scanning will continue.

References:

https://threatpost.com/unpatched-citrix-flaw-exploits/151748/

https://support.citrix.com/article/CTX267027