A utility has been released that lets users and administrators test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability, said officials at CISA.

The vulnerability (CVE-2019-19781) is in the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway. If exploited, it could allow an unauthenticated attacker to perform arbitrary code execution.

The vulnerability affects all supported product versions and all supported platforms, including:
• Citrix ADC and Citrix Gateway version 13.0 all supported builds
• Citrix ADC and NetScaler Gateway version 12.1 all supported builds
• Citrix ADC and NetScaler Gateway version 12.0 all supported builds
• Citrix ADC and NetScaler Gateway version 11.1 all supported builds
• Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Click here to download the utility.

Citrix said users should immediately apply the mitigation. Customers should then upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released.

Beginning on January 20, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.

The following knowledge base article contains the steps to deploy a responder policy to mitigate the issue in the interim until a permanent fix is available.
