Helping mitigate the Citrix NetScaler CVE with Cloudflare Access

Citrix has issued a warning about a vulnerability in their Application Delivery Controller (ADC) product that could allow attackers to bypass the administrator portal's login page and execute arbitrary code without authentication. No patch is currently available, but Citrix plans to release fixes for certain versions on January 20th and others at the end of the month. In the meantime, customers are advised to mitigate the vulnerability using recommended steps involving commands from an administrator command line interface. Cloudflare can also help secure the login page and resources protected by the ADC through its Access service, which checks each request for identity and permission. This strategy prevents unauthenticated users from making requests to the portal. The suggested mitigation steps involve enforcing new responder policies for the ADC interface that return 403s when certain paths are requested, blocking unauthenticated users from reaching directories behind the authentication flow. Adding Cloudflare Access and the Cloudflare WAF together with Citrix's recommended mitigation commands can provide layers of security while a patch is in development.