The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch Citrix Security Vulnerability CVE-2019-19781.
CISA strongly advises affected organizations to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 and apply the mitigations until Citrix releases new versions of the software.
The above follows a recently discovered vulnerability in Citrix ADC (formerly NetScaler). Details of the CVE can be found at https://support.citrix.com/article/CTX267027. There is no permanent fix yet, but Citrix has published a workaround and the estimated delivery of firmware patches: https://support.citrix.com/article/CTX267679. This CVE is also listed in the National Vulnerability Database (NVD) of US NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-19781.
Details of the CVE can also be found at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781 and https://www.cvedetails.com/vendor/422/Citrix.html.