The Citrix remote code execution vulnerability affects all versions of the company’s Application Delivery Controller (ADC) and Citrix Gateway products. Over 25,000 servers globally are vulnerable to the vulnerability, according to the Bad Packets Report. A patch will not be available until late January, Citrix has announced. Security experts warn customers to apply mitigations until a patch is available until the end of January 2020. The vulnerability was first disclosed on Dec. 17, but it is extremely easy to exploit.
Source: https://threatpost.com/unpatched-citrix-flaw-exploits/151748/