
SoylentNews is people

posted by Fnord666 on Tuesday January 21 2020, @07:11PM
from the grab-some-popcorn dept.

As attacks begin, Citrix ships patch for VPN vulnerability:

On January 19, Citrix released some permanent fixes to a vulnerability on the company's Citrix Application Delivery Controller (ADC) and Citrix Gateway virtual private network servers that allowed an attacker to remotely execute code on the gateway without needing a login. The vulnerability affects tens of thousands of known VPN servers, including at least 260 VPN servers associated with US federal, state, and local government agencies—including at least one site operated by the US Army.

The patches are for versions 11.1 and 12.0 of the products, formerly marketed under the NetScaler name. Other patches will be available on January 24. These patches follow instructions for temporary fixes the company provided to deflect the crafted requests associated with the vulnerability, which could be used by an attacker to gain access to the networks protected by the VPNs.

Fermin J. Serna, chief information security officer at Citrix, announced the fixes in a blog post on Sunday. At the same time, Serna revealed that the vulnerability—and the patches being released—also applied to Citrix ADC and Citrix Gateway Virtual Appliances hosted on virtual machines on all commercially available virtualization platforms, as well as those hosted in Azure, Amazon Web Services, Google Compute Platform, and Citrix Service Delivery Appliances (SDXs).

Also at The Register


 
  • (Score: 3, Funny) by Anonymous Coward on Tuesday January 21 2020, @07:27PM (#946491)

    In 2020 AD, attack was beginning.
    Citrix: What happen?
    Microsoft: Somebody set up us the VPN.
    FireEye: We get execute.
    Citrix: What?
    FireEye: Main screen turn on.
    Citrix: It's you!!
    UNKN: How are you gentlemen?
          All your base are belong to us.
          You are on your way to destruction.
