On December 16, 2019, Citrix revealed a vulnerability in the company Application Delivery Controller and Gateway products—commercial virtual private network gateways formerly marketed as NetScaler and used by tens of thousands of companies. The flaw, discovered by Mikhail Klyuchnikov of Positive Technologies, could give an attacker direct access to the local networks behind the gateways from the Internet without the need for an account or authentication using a crafted Web request. Citrix has...

Read the full article at Arstechnica