Citrix has delivered permanent fixes for a series of serious flaws in its products.
News of the bugs emerged just before Christmas 2019, during CRN Australia’s summer break. Sibling publication iTnews revealed the problem: CVE-2019-19781 impacted Citrix application delivery controllers and SD-WAN products and meant attackers could access a victim’s LAN over the internet.
Citrix has rushed out mitigations that harden its products, but attackers have already started to exploit the problem. The vendor delivered some patches, for ADCs, earlier this week.
News posted today detailing permanent patches for SD-WAN WANOP products will therefore be welcomed by Citrix partners and end-customers alike.
The patches can be found here and will require an upgrade to recent versions of Citrix code. Citrix has also provided an assessment tool, here.
Today’s releases don’t end the saga, because a patch is still a couple of days away for some versions of Citrix ADC and Citrix Gateway.
Citrix says “we strongly encourage customers to apply the permanent fixes as soon as possible.”
CRN hopes that won’t spoil the Australia Day long weekend for our readers.
UPDATE, JAN 24th. Citrix has now released final patches for ADC and Gateway products. Details of the new releases can be found here.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
