Recent vulnerabilities found in Citrix ADC and Gateway are vulnerable to remote code execution which could potentially allow hackers to gain access to the services and control them. These Citrix services control application delivery, load balancing, and Gateway solutions.
Citrix is now in a hot spot as Proof-of-Concept code has been released and now being refined. This puts them in a tough position as now so-called ‘script-kiddies’ can take a hold of this simplified exploit to do harm against these services.
Citrix disclosed the vulnerabilities without releasing security patches for the vulnerable software. They had offered mitigation to help guard Citrix servers against potential attacks, however, they did not release a patch until available after 23 days of disclosure. This gives attackers plenty of time to exploit these services and gain access to where they shouldn’t.
It has been recommended to apply the recommendations and to monitor devices for any attack logs which maybe present.