
Citrix ADC (formerly NetScaler ADC)

Product
The name of the base system (platform): Citrix NetScaler
Developers: Citrix Systems
Last Release Date: 2023/07/25
Technology: Virtualization


Citrix ADC is a software-centric application delivery and load balancing solution specifically designed to increase the speed of traditional, cloud and web applications, regardless of where they are hosted.

2023: Identifying a vulnerability that allows an unauthenticated user to remotely execute arbitrary commands

On July 25, 2023, the UserGate Monitoring and Response Center warned of a critical vulnerability in NetScaler ADC and NetScaler Gateway.

CVE-2023-3519 is a vulnerability that allows an unauthenticated user to remotely execute arbitrary commands (RCE) in NetScaler ADC and NetScaler Gateway.

For exploitation to be possible, the affected device must be configured as a gateway (e.g., VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization and auditing (AAA) virtual server with SAML enabled. The vulnerability is triggered by sending too many canonicalization or transformation methods in a SAML message.

The vulnerability is rated 9.8 on the CVSS v3.1 scale.

2021: Avanpost FAM Compatibility

On November 18, 2021, Avanpost announced that it had integrated Avanpost FAM with Citrix enterprise solutions for secure remote access: Citrix Virtual Apps and Desktops and Citrix ADC.

2020: One in five companies has not fixed a vulnerability in Citrix software that allows intranet penetration

On February 7, 2020, it became known that a month and a half after Positive Technologies published information about a critical vulnerability in Citrix software that threatened 80 thousand companies in 158 countries, one in five companies had still not taken measures to eliminate it. This follows from threat intelligence monitoring data collected by Positive Technologies.

As reported, the critical vulnerability CVE-2019-19781 in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) was discovered in December 2020 by Positive Technologies expert Mikhail Klyuchnikov. According to Positive Technologies, at the end of 2019 the leaders in the number of potentially vulnerable organizations were the USA (more than 38% of all vulnerable organizations), Germany, Great Britain, the Netherlands and Australia. On January 8, 2020, an exploit was published that allows a hypothetical attacker to automate attacks on companies that have not eliminated this vulnerability.

"Citrix developers planned to completely eliminate the problem from January 27 to January 31, 2020, but released a series of patches for different versions of the product a week earlier. It is important to install the required update as soon as possible, and until then adhere to the Citrix security recommendations that have been available since the release of information about the vulnerability," said Alexey Novikov, Director of the Positive Technologies Security Center (PT Expert Security Center).

In general, the dynamics of eliminating the vulnerability are positive, but 19% of companies still remain at risk. As of February 2020, the top countries by number of potentially vulnerable organizations include Brazil (43% of the number of companies in which the vulnerability was originally identified), China (39%), Russia (35%), France (34%), Italy (33%) and Spain (25%). The best dynamics are shown by the United States, Great Britain and Australia: in these countries, 21% of companies continue to use vulnerable devices and take no protective measures.

If the vulnerability is exploited, the attacker gains direct access to the company's local network from the Internet. No account access is required to carry out such an attack, which means that any external attacker can perform it.

Companies can use application-level firewalls to block a possible attack. For example, PT Application Firewall detects such an attack out of the box: for real-time protection, the system should be put into the mode of blocking dangerous requests. Given how long the vulnerability has existed (it has been present since the release of the first vulnerable version of the software, that is, since 2014), retrospectively identifying possible exploitation of this vulnerability (and, accordingly, infrastructure compromise) is also relevant. Since December 18, 2019, PT Network Attack Discovery users can use special rules that detect attempts to exploit this vulnerability online.

2019

Vulnerability that allows you to penetrate the company's local network

On December 19, 2019, Positive Technologies announced that its expert Mikhail Klyuchnikov had discovered a critical vulnerability in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway). If it is exploited, the attacker gains direct access to the company's local network from the Internet. No account access is required to carry out such an attack, which means that any external attacker can perform it.

Briefly about the threat

According to the company, while monitoring the threats relevant for December 2019 (threat intelligence), Positive Technologies experts found that at least 80,000 companies from 158 countries are potentially vulnerable. The top five countries by number of such organizations are the United States of America (more than 38% of all vulnerable organizations are located there), Germany, Great Britain, the Netherlands and Australia. Russia ranks 26th in the total number of potentially vulnerable companies across various business sectors, with more than 300 organizations in total, including some on RBC's list of the largest companies in Russia. Kazakhstan and Belarus are in 44th and 45th places, respectively, in terms of the number of vulnerable companies.

Attack map

The identified vulnerability was assigned the identifier CVE-2019-19781. As of December 2019 the vendor had not officially assigned it a severity level on the CVSS scale; however, in the assessment of Positive Technologies experts, it corresponds to the highest, 10th severity level. All supported versions of the product and all supported platforms are affected, including Citrix ADC and Citrix Gateway versions 13.0, Citrix ADC and NetScaler Gateway versions 12.1, Citrix ADC and NetScaler Gateway versions 12.0, Citrix ADC and NetScaler Gateway versions 11.1, and Citrix NetScaler ADC and NetScaler Gateway versions 10.5. Depending on the specific configuration, Citrix applications can be used to connect to work computers and critical business systems (including classes such as ERP). In almost all cases, Citrix applications are available on the perimeter of the company's network, which means they are the first to be exposed to attacks. This vulnerability allows an external unauthorized attacker not only to gain access to published applications, but also to attack other resources of the company's internal network from the Citrix server. Citrix has released a set of measures to compensate for this vulnerability, and also insists on immediately updating all vulnerable software versions to the recommended ones.

"Given the high risk level of the identified vulnerability and the prevalence of Citrix software in the business environment, we recommend that information security services take immediate measures to eliminate the threat," said Dmitry Serebryannikov, Director of the Security Analysis Department of Positive Technologies.

Companies can use application-level firewalls to block a possible attack. For example, PT Application Firewall detects such an attack out of the box: for real-time protection, the system should be put into the mode of blocking dangerous requests. Given how long the vulnerability has existed (it has been present since the release of the first vulnerable version of the software, that is, since 2014), retrospectively identifying possible exploitation of this vulnerability (and, accordingly, infrastructure compromise) is also relevant. Since December 18, 2019, PT Network Attack Discovery users can use special rules that detect attempts to exploit this vulnerability online.

Integration with Red Hat OpenShift

On September 2, 2019, Citrix Systems announced that its Citrix ADC solution had received Red Hat OpenShift certification, allowing IT organizations to offer a faster and more flexible way to develop, test and deliver applications in Kubernetes environments.

According to the company, Citrix ADC is compatible with various Red Hat platforms, including Red Hat OpenShift, and the entire product stack is fully supported by Red Hat and its partners.

Citrix ADC Features

As of August 2019, the solution can be deployed both locally and on all types of cloud platforms, including Amazon Web Services (EKS), Google Cloud Platform (GKE) and Microsoft Azure (AKS). The Red Hat OpenShift certification is based on Citrix's Red Hat Container certification, confirming Citrix's commitment to supporting Red Hat's technology.

Benefits of Citrix Cloud Stack Deployment for Kubernetes Environments:

  • Flexibility: IT companies can choose from a wide range of Citrix ADC form factors for application delivery, including high-performance containerized platforms (CPX), solutions based on virtual machines (VPX), bare-metal solutions based on Linux (BLX), or existing MPX and/or SDX hardware systems.
  • Consistency: With uniform code for all Citrix ADC options, IT companies can ensure consistent operations across all types of application workloads.
  • Ease of migration: Monolithic applications can be quickly and easily migrated to a micro-service architecture with support for various protocols, including TCP, TCP-SSL, UDP, HTTP/S.
  • Visibility and Control: The Citrix ADM (Application Delivery Management) unified management environment provides visibility into virtual applications and users, which is necessary to scale applications based on microservices, get online feedback, and resolve user experience problems.