Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs

Author: maruf.swe

RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781.

About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway are still at risk from a trivial attack on their internal operations.

If exploited, the flaw could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code-execution. Researchers told Threatpost that other attacks are also possible, including denial-of-service (DoS) campaigns, data theft, lateral infiltration to other parts of the corporate infrastructure, and phishing.

According to an assessment from Positive Technologies, which disclosed the software vulnerability in December (tracked as CVE-2019-19781), 19 percent of vulnerable organizations in 158 countries have yet to patch. The U.S. originally accounted for 38 percent of all vulnerable organizations; about 21 percent of those are still running vulnerable instances of the products as of this week, PT said.

For more details: https://threatpost.com/critical-citrix-rce-flaw-corporate-lans/152677/