Digital workspace and enterprise networking vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it allows an unauthenticated remote attacker to execute arbitrary code on the affected appliance and from there gain access to the company’s internal network.
The Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries.
Exploitation does not require valid credentials, so the attack can be carried out by any external attacker who can reach the appliance. Such an attacker can not only reach the applications published through the gateway, but also use the compromised Citrix server as a foothold to attack other resources on the company’s internal network.
Citrix products are widely deployed in corporate networks, including as the front door through which employees get terminal access to internal company applications from remote devices over the internet. Given the severity of the vulnerability and how widespread the software is, organisations should take immediate steps to mitigate the threat.
Citrix has published a set of measures to mitigate the vulnerability, including software updates.
Password-spraying is a relative of brute-forcing and credential-stuffing. Instead of trying a large number of passwords against a single account, the adversary tries a single commonly used password (such as “123456”) against many accounts.
If that fails, a second password is tried across the same accounts, and so on until some accounts are cracked. This “low and slow” approach keeps the number of failed attempts per account below the threshold that would trigger an account lock-out, which is exactly why a detection rule that only counts failures per account never fires on it.
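The detection consequence of this is worth seeing in code: a rule that counts failures per account catches the brute-forcer but is blind to the sprayer, whose signature is instead many distinct accounts failing from one source with only one or two failures each. The following is an added example written for this page, not code from Citrix or from any product mentioned here. It runs a sliding-window classifier over a constructed log in a made-up format (`<timestamp> <source IP> <username> <OK|FAIL>`); the window length, the minimum number of distinct accounts and the lock-out threshold are assumptions to be tuned to the directory’s actual lock-out policy.

```python
"""Password-spraying vs. brute-force classifier over authentication log lines."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from any real system):
# "<ISO timestamp> <source IP> <username> <OK|FAIL>"
# 203.0.113.5 sprays one password across six accounts (one failure each),
# 198.51.100.7 brute-forces a single account, 192.0.2.9 is a user typo.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 203.0.113.5 alice FAIL
2024-01-10T08:00:04Z 203.0.113.5 bob FAIL
2024-01-10T08:00:09Z 203.0.113.5 carol FAIL
2024-01-10T08:00:15Z 203.0.113.5 dave FAIL
2024-01-10T08:00:22Z 203.0.113.5 erin FAIL
2024-01-10T08:00:30Z 203.0.113.5 frank FAIL
2024-01-10T08:00:41Z 203.0.113.5 grace OK
2024-01-10T08:01:00Z 198.51.100.7 alice FAIL
2024-01-10T08:01:01Z 198.51.100.7 alice FAIL
2024-01-10T08:01:02Z 198.51.100.7 alice FAIL
2024-01-10T08:01:03Z 198.51.100.7 alice FAIL
2024-01-10T08:01:04Z 198.51.100.7 alice FAIL
2024-01-10T08:01:05Z 198.51.100.7 alice FAIL
2024-01-10T08:05:00Z 192.0.2.9 heidi FAIL
2024-01-10T08:05:30Z 192.0.2.9 heidi OK
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, src, user, failed) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append((when, src, user, result == "FAIL"))
    events.sort(key=lambda e: e[0])
    return events


def classify(events, window=timedelta(hours=1), min_accounts=5, lockout_threshold=5):
    """Label each source that fails logins as 'spray' or 'brute-force'.

    Within a sliding `window` of failures per source:
      brute-force: a single account accumulates >= lockout_threshold failures
      spray:       failures against >= min_accounts distinct accounts while
                   every account stays below lockout_threshold (the "low and
                   slow" pattern a per-account failure counter never sees)
    The thresholds are assumptions; tune them to the real lock-out policy.
    Returns {src: (label, distinct_accounts, max_failures_per_account)}.
    """
    fails_by_src = defaultdict(list)
    for when, src, user, failed in events:
        if failed:
            fails_by_src[src].append((when, user))

    verdicts = {}
    for src, fails in fails_by_src.items():
        recent = deque()  # failures inside the window, oldest first
        for when, user in fails:
            recent.append((when, user))
            while when - recent[0][0] > window:
                recent.popleft()
            per_account = Counter(u for _, u in recent)
            distinct, worst = len(per_account), max(per_account.values())
            if worst >= lockout_threshold:
                verdicts[src] = ("brute-force", distinct, worst)
            elif distinct >= min_accounts:
                verdicts[src] = ("spray", distinct, worst)
    return verdicts


def run_sample():
    """Classify the constructed log above."""
    return classify(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for src, (label, accounts, worst) in run_sample().items():
        print(f"{src}: {label} ({accounts} accounts, max {worst} failures per account)")
```

Two caveats for anyone turning this into a production rule. First, the window must be long (hours, not minutes), because a sprayer paces attempts so that each account’s failure counter resets before the next password is tried. Second, keying on source IP is the weak point: sprayers routinely distribute attempts across many addresses, so the same logic should also be run keyed on the set of targeted accounts (many accounts each failing once inside the window, regardless of source) or on the source ASN.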