We have received the message below about this through the official Citrix channels and advise you to act on it as soon as possible.
Information from Citrix
Last month, we advised customers of a discovered vulnerability in Citrix® Application Delivery Controller (ADC) and Citrix Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.
We immediately started our security response process that involves, among other actions, variant analysis and mitigation development. Due to the increased risk of vulnerability leaks and the potential for an uncoordinated disclosure, we published a security advisory with detailed mitigations. These mitigations cover all supported versions and contain detailed steps designed to stop a potential attack across all known scenarios.
We are currently working to develop permanent fixes. As with any product of this nature, and consistent with our policies and procedures, these fixes need to be comprehensive and thoroughly tested. We anticipate making them available for supported versions as follows:
Version 13 - 27 January 2020
Version 12.1 - 27 January 2020
Version 12 - 20 January 2020
Version 11.1 - 20 January 2020
Version 10.5 - 31 January 2020
There have been reports of network scanning to detect the presence of this vulnerability. As many deployments are behind the firewall, we believe that a limited number of devices are exploitable. We continue to recommend that all affected customers deploy the previously released mitigation and follow all steps.
We remain deeply committed to the security of our solutions and will continue to provide updates on CVE-2019-19781 and support to our customers in managing the vulnerability via our product support Knowledge Center. To receive updates automatically, visit: https://support.citrix.com/user/alerts