CVE Citrix

Citrix Security Vulnerability CVE-2019-19781

The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.

CISA strongly advises affected organizations to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 and apply the mitigations until Citrix releases new versions of the software.

The above follows a recently discovered vulnerability in Citrix ADC (former Netscaler). Details of the CVE can be found at: (https://support.citrix.com/article/CTX267027). There is no permanent fix yet but Citrix has published a workaround and estimated delivery of firmware patches: https://support.citrix.com/article/CTX267679. This CVE has been listed also in the National Vulnerability Database (NVD) of US NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-19781.

Details of the CVE can also be found at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781 and https://www.cvedetails.com/vendor/422/Citrix.html.

Source:

https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability

About The Author