Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
As many of you have heard by now a major vulnerability to the Citrix Netscaler platform was announced before the holidays. At that time the vulnerability was not widely known or for that matter understood. Since that time we have seen bad actors using several tools to bypass corporate security mechanisms. From what we’ve seen at Critical Path Security this breach has the potential to affect every Citrix customer with a Citrix Netscaler gateway deployed. The fact that Citrix has been very quiet on this vulnerability considering they were hacked last year and suffered a significant data breach, is very disconcerting to say the least. Even at this moment, we have not heard how this breach at Citrix occurred or if it is somehow related to the Netscaler gateway vulnerability. The vulnerability is a path traversal bug that can be easily exploited over the internet by an attacker. The attacker…