CVE-2019-19781

critical-risk

Published 2019-12-27

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Do I need to act?

94.4% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

3 public exploits available

47930, 47901, 47913

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Application Delivery Controller Firmware

Netscaler Gateway Firmware

Gateway Firmware

Citrix

Third Party Advisory http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controll...

Third Party Advisory http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controll...

Third Party Advisory http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controll...

Third Party Advisory http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Trave...

Third Party Advisory http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.ht...

Broken Link https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2...

Third Party Advisory https://forms.gle/eDf3DXZAv96oosfj6

Vendor Advisory https://support.citrix.com/article/CTX267027

Broken Link https://twitter.com/bad_packets/status/1215431625766424576

Third Party Advisory https://www.kb.cert.org/vuls/id/619785

Third Party Advisory http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controll...

Third Party Advisory http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controll...

Third Party Advisory http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controll...

Third Party Advisory http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Trave...

Third Party Advisory http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.ht...

Broken Link https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2...

Third Party Advisory https://forms.gle/eDf3DXZAv96oosfj6

Vendor Advisory https://support.citrix.com/article/CTX267027

Broken Link https://twitter.com/bad_packets/status/1215431625766424576

Third Party Advisory https://www.kb.cert.org/vuls/id/619785

and 1 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 16/34 · Moderate