IPM
Citrix

A critical vulnerability identified in Citrix Application Delivery Controller and Citrix Gateway (formerly known as NetScaler ADC and NetScaler Gateway) has been in the news recently. If exploited, it could allow an unauthenticated attacker (anyone on the internet) to execute arbitrary code, potentially including launching remote access sessions or Citrix published applications. The vulnerability affects all platforms and [NetScaler] ADC versions since v10.5.

Citrix is working on releasing firmware patches to permanently correct the vulnerability. In the meantime, Citrix and IPM strongly recommend that all Citrix ADC/NetScaler customers immediately apply the temporary mitigation provided by Citrix (https://support.citrix.com/article/CTX267679) to protect their applications and network from attacks.

Customers may apply the mitigation steps themselves if they are comfortable doing so. The mitigation does require using the CLI and rebooting the affected appliances, so we are on standby should you require any assistance. Please let us know if you plan on applying the mitigation yourselves or if we can be of service.

You can reply to this email or give us a call at 646.421.2774.