PT-2020-01: Arbitrary code execution in Citrix ADC

CRITICAL
(9.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What are the security threats on your network?

Check your traffic-for free
Request pilot

Vulnerable product:

Citrix Application Delivery Controller (ADC) and Gateway

Severity:

Severity level: High
Impact: Arbitrary code execution in Citrix ADC
Access Vector: Remote

CVSS v3 Base Score: 9.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2019-19781

Vulnerability description:

This vulnerability allows an unauthorized, remote attacker to execute malicious code on the system, obtain unauthorized access to published applications, and attack intranet resources of the target organization via Citrix servers.

Advisory status:

05.12.2019 - Vendor gets vulnerability details
19.01.2020, 22.01.2020 23.01.2020, 24.01.2020 - Vendor releases fixed version and details

Credits:

The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies

Identifier:
CVE-2019-19781
Vendor:
Citrix
Vulnerable product:
Citrix Application Delivery Controller (ADC) and Gateway

Get in touch

Fill in the form and our specialists
will contact you shortly