Vulnerability Details CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html
- http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html
- https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/
- https://forms.gle/eDf3DXZAv96oosfj6
- https://support.citrix.com/article/CTX267027
- https://twitter.com/bad_packets/status/1215431625766424576
- https://www.kb.cert.org/vuls/id/619785
- http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html
- http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html
- https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/
- https://forms.gle/eDf3DXZAv96oosfj6
- https://support.citrix.com/article/CTX267027
- https://twitter.com/bad_packets/status/1215431625766424576
- https://www.kb.cert.org/vuls/id/619785
Products affected by CVE-2019-19781
-
cpe:2.3:h:citrix:application_delivery_controller:-
-
cpe:2.3:h:citrix:gateway:-
-
cpe:2.3:h:citrix:netscaler_gateway:-
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0
-
cpe:2.3:o:citrix:gateway_firmware:13.0
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1