Citrix rolls out patches for critical ADC vulnerability that is being abused in the wild

Company fired 300 employees for Christmas due to ransomware attack Telemarketing company from Arkansas tells the staff to look for a new job after suspending all activities just before the vacation. Citrix has released patches to permanently resolve a vulnerability in ADC software that is actively exploited in the wild. The vulnerability, maintained as CVE-2019-19781, affects the Citrix Application Delivery Controller (ADC) – formerly known as NetScaler ADC – and Citrix Gateway, formerly known as NetScaler Gateway, as well as Citrix SD-WAN WANOP. The scope of this vulnerability includes Citrix ADC and Citrix Gateway Virtual Appliances (VPX) hosted on one of Citrix Hypervisor (formerly XenServer), ESX, Hyper-V, KVM, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance ( SDX), “the company says. “Further research by Citrix has shown that this problem also affects certain implementations of Citrix SDWAN, in particular Citrix SDWAN WANOP edition. Citrix SDWAN WANOP edition packages Citrix ADC as a load balancer, resulting in the affected status. ”