GET single cyber alert

EXPERIMENTAL

This is part of Cyber alerts

This returns the details of a single NHS cyber alert

Endpoint

GET

Authorisation and Authentication

No authentication or authorisation is required for this API endpoint

Parameters

Name              Parameter type   Mandatory/Optional   Path   Description
?threatid=xxxxxx  String           Mandatory                   To return a single cyber alert, you must specify a threat ID, normally formatted AA-1111
?_limited=true    String           Optional                    To return only the basic details of the alert, you can use the limited modifier

Sample Response

The full return gives all the information included in the alert

Full return

{
  "severity": "High",
  "basePath": "http://digital.nhs.uk/cyber-alerts/citrix-adc-and-gateway-remote-code-execution-vulnerability/citrix-adc-and-gateway-remote-code-execution-vulnerability",
  "category": ["Exploit"],
  "seosummaryJson": "Citrix has released information about a vulnerability in its Application Delivery Controller (ADC) and Gateway products that allows an unauthenticated threat actor to achieve Remote Code Execution (RCE). Citrix has advised affected customers to immediately apply its provided mitigation.",
  "fullTaxonomyList": [],
  "sections": [
    {
      "sectionType": "website-section",
      "type": "",
      "title": "",
      "headingLevel": "Main heading",
      "isNumberedList": false,
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "html": "<p>Citrix has released information about a vulnerability in its Application Delivery Controller (ADC), Gateway, and software-defined wide area network (SD-WAN)&nbsp;products that allows an unauthenticated threat actor to achieve remote code execution (RCE). Citrix has advised affected customers to immediately apply its provided mitigation.</p>\n\n<p>The vulnerability is reported to occur from unsanitised handling of HTTP-based Virtual Private Network (VPN) requests. Multiple proof of concept exploits have now been released that target this vulnerability and security researchers have reported an increase in scanning activity attempting to identify vulnerable devices.</p>\n\n<p>Citrix ADC and Gateway were formerly branded as NetScaler products.</p>\n\n<p>For further information:</p>\n\n<ul>\n <li><a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781\">CVE-2019-19781</a></li>\n <li><a href=\"https://support.citrix.com/article/CTX267027\">Citrix support article CTX267027</a></li>\n <li><a rel=\"nofollow\" href=\"https://www.kb.cert.org/vuls/id/619785/\" class=\"external-link\">CERT/CC Vulnerability Note VU#619785</a></li>\n <li><a href=\"https://www.us-cert.gov/ncas/alerts/aa20-020a\">CISA Alert AA20-020A</a></li>\n</ul>\n\n<p>&nbsp;</p>"
    }
  ],
  "shortsummary": "Citrix has released details of a remote code execution (RCE) vulnerability and recommended steps for mitigation. Threat actors now appear to be targeting vulnerable devices.",
  "threatType": "Vulnerability",
  "threatvector": [],
  "threatAffects": [
    {
      "versionsAffected": ["13.0, 12.1, 12.0. 11.1, and 10.5 (all supported builds)"],
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "platformText": "<p>Citrix/NetScaler ADC</p>"
    },
    {
      "versionsAffected": ["13.0, 12.1, 12.0. 11.1, and 10.5 (all supported builds)"],
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "platformText": "<p>Citrix/NetScaler Gateway</p>"
    },
    {
      "versionsAffected": ["Software and appliance models 5100, 4100, and 4000 (all supported builds)"],
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "platformText": "<p>Citrix SD-WAN WANOP</p>"
    }
  ],
  "threatUpdates": [],
  "remediationSteps": [
    {
      "type": "Action",
      "link": "https://support.citrix.com/article/CTX267679",
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "step": "<p>Apply the mitigation provided by Citrix as soon as possible.</p>"
    },
    {
      "type": "Patch",
      "link": "",
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "step": "<p>Citrix has released updates to address this vulnerability in their ADC and Gateway versions 11.1 and 12.0. Affected organisations are encouraged to review the following Citrix advisories and apply the necessary remediation immediately:</p>\n\n<ul>\n <li><a href=\"https://www.citrix.com/downloads/citrix-adc/\">Citrix ADC (NetScaler ADC) download page</a></li>\n <li><a href=\"https://www.citrix.com/downloads/citrix-gateway/\">Citrix Gateway (NetScaler Unified Gateway) download page</a></li>\n</ul>\n\n<p>Citrix has also confirmed that updates for the remaining affected ADC and Gateway versions will be published before the end of January 2020.</p>"
    },
    {
      "type": "Aware",
      "link": "",
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "step": "<p>Both Citrix and the US Cybersecurity and Infrastructure Security Agency have released tools to identify vulnerable devices and verify if mitigation steps have been applied correctly. Please not that NHS Digital do not test or verify third-party tools and that organisations use them at their own risk:</p>\n\n<ul>\n <li><a href=\"https://support.citrix.com/article/CTX269180\">Citrix support article CTX269180</a></li>\n <li><a href=\"https://github.com/cisagov/check-cve-2019-19781\">check-cve-2019-19781</a></li>\n</ul>\n\n<p>&nbsp;</p>"
    }
  ],
  "indicatorsCompromise": [
    {
      "sectionType": "expander",
      "heading": "Network Activity",
      "audience": "Most people",
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "content": "<ul>\n <li><span>HTTP POST request to /vpns/portal/scripts/newbm.pl</span></li>\n</ul>"
    }
  ],
  "ncscLink": "https://www.ncsc.gov.uk/news/citrix-alert",
  "cveIdentifiers": [
    {
      "cveIdentifier": "CVE-2019-19781",
      "cveStatus": "Master",
      "leaf": false,
      "hippoDocumentBean": false,
      "hippoFolderBean": false,
      "versionedNode": false,
      "cveText": "<p>An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.</p>"
    }
  ],
  "publishedDate": 1578960000000,
  "sourceOfThreatUpdates": ["https://support.citrix.com/article/CTX267027"],
  "cyberAcknowledgements": [],
  "threatId": "CC-3327",
  "title": "Citrix RCE Vulnerability in Multiple Products",
  "versionedNode": false,
  "remediationIntro": "<p>Citrix has advised affected customers to immediately apply its provided mitigation and then update appliance firmware when fixed versions have been released.</p>",
  "summary": "<p>Citrix has released information about a security flaw in its Application Delivery Controller (ADC) and Gateway products. Example programs have been published online that show attackers can take full control of these systems. NHS organisations may use these products to provide access to clinical applications and data. Citrix has advised affected customers to immediately follow its recommended steps to address the security flaw. Citrix expects to release updates for these products before the end of January.</p>"
}


The limited return gives only a subset of the information about the cyber alert

Limited return

{
  "basePath": "http://digital.nhs.uk/cyber-alerts/citrix-adc-and-gateway-remote-code-execution-vulnerability/citrix-adc-and-gateway-remote-code-execution-vulnerability",
  "publishedDate": 1578960000000,
  "threatId": "CC-3327",
  "title": "Citrix RCE Vulnerability in Multiple Products",
  "versionedNode": false,
  "summary": "<p>Citrix has released information about a security flaw in its Application Delivery Controller (ADC) and Gateway products. Example programs have been published online that show attackers can take full control of these systems. NHS organisations may use these products to provide access to clinical applications and data. Citrix has advised affected customers to immediately follow its recommended steps to address the security flaw. Citrix expects to release updates for these products before the end of January.</p>"
}


Status and error codes

HTTP code   Meaning                                                                Description                                                  Diagnostics
N/A         {"error":"The URL is not correct. Use \/single?threatid=<threatid>"}   This means that no threat ID has been specified              Add a threatid parameter
N/A         {"error":"The threatid=Cxx is not found"}                              This means that you have specified a non-existent threat ID  Specify a valid threat ID
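The following client-side handling is an added example and is not code from NHS Digital or this API. It shows the three things a consumer of this endpoint has to get right: the threat ID is validated against the AA-1111 shape before it goes into the query string, errors are detected from the {"error": ...} body rather than from the HTTP status (the table above gives no status code for them), and the HTML-bearing fields (summary, step, platformText, content) are reduced to plain text before they are logged or displayed, so that markup from the alert feed is never rendered unsanitised in a downstream tool. The API host is not stated on this page, so API_BASE is a placeholder; the embedded sample is a trimmed copy of the full return shown above plus one of the documented error bodies, and the parsing functions run offline against it.

```python
"""Consume the NHS Digital 'GET single cyber alert' response (added example)."""
import html
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlencode
from urllib.request import urlopen

API_BASE = "https://<api-host>/single"  # placeholder: the page does not give the host

# "normally formatted AA-1111": two upper-case letters, a hyphen, four digits
THREAT_ID_RE = re.compile(r"^[A-Z]{2}-\d{4}$")

# Trimmed from the page's sample full return (only the fields parsed below are kept)
SAMPLE_FULL = json.dumps({
    "severity": "High",
    "threatId": "CC-3327",
    "title": "Citrix RCE Vulnerability in Multiple Products",
    "publishedDate": 1578960000000,
    "cveIdentifiers": [{"cveIdentifier": "CVE-2019-19781", "cveStatus": "Master"}],
    "threatAffects": [
        {"platformText": "<p>Citrix/NetScaler ADC</p>",
         "versionsAffected": ["13.0, 12.1, 12.0. 11.1, and 10.5 (all supported builds)"]},
        {"platformText": "<p>Citrix SD-WAN WANOP</p>",
         "versionsAffected": ["Software and appliance models 5100, 4100, and 4000 (all supported builds)"]},
    ],
    "remediationSteps": [
        {"type": "Action", "link": "https://support.citrix.com/article/CTX267679",
         "step": "<p>Apply the mitigation provided by Citrix as soon as possible.</p>"},
    ],
    "indicatorsCompromise": [
        {"heading": "Network Activity",
         "content": "<ul>\n <li><span>HTTP POST request to /vpns/portal/scripts/newbm.pl</span></li>\n</ul>"},
    ],
    "summary": "<p>Citrix has released information about a security flaw in its Application "
               "Delivery Controller (ADC) and Gateway products.</p>",
})
# One of the two error bodies documented on the page
SAMPLE_ERROR = '{"error":"The threatid=Cxx is not found"}'


def validate_threat_id(threat_id: str) -> bool:
    """Reject anything that is not of the documented AA-1111 shape before it reaches the URL."""
    return bool(THREAT_ID_RE.match(threat_id))


def build_url(threat_id: str, limited: bool = False) -> str:
    """Build ?threatid=...&_limited=true; the id is validated and URL-encoded, never interpolated raw."""
    if not validate_threat_id(threat_id):
        raise ValueError(f"threat ID {threat_id!r} is not of the form AA-1111")
    params = {"threatid": threat_id}
    if limited:
        params["_limited"] = "true"
    return f"{API_BASE}?{urlencode(params)}"


def strip_html(fragment: str) -> str:
    """Reduce an HTML field to plain text: drop tags, decode entities, collapse whitespace."""
    text = re.sub(r"<[^>]+>", " ", fragment)
    text = html.unescape(text)
    return re.sub(r"\s+", " ", text).strip()


def parse_alert(body: str) -> dict:
    """Parse a response body; an {"error": ...} body is raised, not silently treated as an alert."""
    data = json.loads(body)
    if "error" in data:
        raise ValueError(data["error"])
    # publishedDate is epoch milliseconds; 1578960000000 -> 2020-01-14 UTC
    published = datetime.fromtimestamp(data["publishedDate"] / 1000, tz=timezone.utc)
    return {
        "threat_id": data["threatId"],
        "title": data["title"],
        "severity": data.get("severity"),  # not present in the _limited return
        "published": published.date().isoformat(),
        "cves": [c["cveIdentifier"] for c in data.get("cveIdentifiers", [])],
        "affected": [{"platform": strip_html(a["platformText"]), "versions": a["versionsAffected"]}
                     for a in data.get("threatAffects", [])],
        "remediation": [{"type": s["type"], "link": s["link"], "step": strip_html(s["step"])}
                        for s in data.get("remediationSteps", [])],
        "iocs": [strip_html(i["content"]) for i in data.get("indicatorsCompromise", [])],
        "summary": strip_html(data["summary"]),
    }


def fetch_alert(threat_id: str, limited: bool = False, timeout: float = 10.0) -> dict:
    """Live call (not exercised offline): fetch and parse one alert from the placeholder host."""
    with urlopen(build_url(threat_id, limited), timeout=timeout) as resp:
        return parse_alert(resp.read().decode("utf-8"))


if __name__ == "__main__":
    alert = parse_alert(SAMPLE_FULL)
    print(alert["threat_id"], alert["severity"], alert["published"], alert["cves"])
    for ioc in alert["iocs"]:
        print("IoC:", ioc)
    try:
        parse_alert(SAMPLE_ERROR)
    except ValueError as err:
        print("API error:", err)
```

Because the error bodies carry no distinctive HTTP status, a consumer that only checks `resp.status` will happily store `{"error": ...}` as if it were an alert; checking for the `error` key before touching `threatId` is what keeps an automated feed importer from silently producing empty records.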

Last edited: 27 February 2020 8:24 am