PT-2020-01: Arbitrary code execution in Citrix ADC

CRITICAL
(9.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerable product:

Citrix Application Delivery Controller (ADC) and Gateway

Severity:

Severity level: High
Impact: Arbitrary code execution in Citrix ADC
Access Vector: Remote

CVSS v3 Base Score: 9.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2019-19781

Vulnerability description:

This vulnerability allows an unauthorized, remote attacker to execute malicious code on the system, obtain unauthorized access to published applications, and attack intranet resources of the target organization via Citrix servers.

Advisory status:

05.12.2019 - Vendor gets vulnerability details
19.01.2020, 22.01.2020 23.01.2020, 24.01.2020 - Vendor releases fixed version and details

Credits:

The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies

Identifier:
CVE-2019-19781
Vendor:
Citrix
Vulnerable product:
Citrix Application Delivery Controller (ADC) and Gateway

Get in touch

Fill in the form and our specialists
will contact you shortly