Thread regarding Citrix Systems Inc. layoffs

Netscaler and Sharefile CVEs - time to flush

It’s a disgrace that 1000s of customers who are on NetScaler remain vulnerable to exploitation! The common comment is that the product is so complex. No one wants to touch it, so they are afraid to even patch it for vulnerabilities.

And poor Sharefile bet on the NetScaler for storage zones, which is the likely source of their vulnerabilities.

When the same people who ran the business aground are still leading, what else do you expect?

Time to flush!

1691 views | 5 replies (last August 26, 2023)
Post ID: @OP+1oeJlAkp

5 replies (most recent on top)

The biz strategy of I’ll be gone, you’ll be gone is in full effect.

Post ID: @4hzj+1oeJlAkp

Yup, the good old attach story left a lot of orphan Netscalers! What a nice sleight of hand that was to show market growth!

Post ID: @4xha+1oeJlAkp

Shhh! TK’s trying to sell Netscaler before anybody can figure out all these problems. We gotta make him rich, or you’ll be laid off.

Post ID: @1zox+1oeJlAkp

I did a Shodan scan last night and you can easily tell that the remaining 1500-1800+ Netscalers still unpatched (and probably exploited by now) are long forgotten, flat out unknown to the Cybersecurity team, or are being managed by a Citrix admin or 3rd party partner who knows nothing about Netscalers. So many times I sold Netscalers when I was at Citrix it was an attach, so there was the inevitable discussion and debate at the customer of who's responsible for it in IT. The networking teams almost never wanted to take them on as part of their area of responsibility or expertise because it was usually a niche product that was used only to front-end their Citrix traffic - it wasn't a part of their core networking stack/architecture. So more often than not the responsibility for managing/updating/hardening these things fell on the Citrix sys admins who for the most part are not typically core networking folks. I bet a lot of these are virtual appliances that are just being used as ICA Gateways and haven't been updated in a while.

Post ID: @1ahu+1oeJlAkp

Could this be why the cost-conscious CEO opted to not use the free software despite touting it at his first all hands? Did this mark the downhill spiral from grand visions of a software titan to dumpster fire that doesn’t even use its own technology internally? Free with problems is not cheaper than paying for a problem-free product, huh?

Post ID: @1nua+1oeJlAkp
