CISA Releases Test Tool for Citrix ADC CVE-2019-19781 Vulnerability

Raluca Saceanu


On 17/12/2019, Citrix released security bulletin CTX267027, announcing a vulnerability in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that could lead to arbitrary code execution. Exploiting the flaw could allow an attacker to directly access the target firm’s local network without the need to compromise other accounts.

DHS CISA released a public domain tool designed to help security staff test whether their organisations are vulnerable to ongoing attacks that might target the CVE-2019-19781 security flaw.

We strongly recommend that all organisations review CERT/CC’s VU#619785 vulnerability note and the Citrix CTX267027 security bulletin, and apply the described mitigation measures until new versions of the software are released.

According to the CTX267027 bulletin, Citrix will be releasing new Citrix ADC and Citrix Gateway versions to patch the CVE-2019-19781 vulnerability, starting on January 20, 2020.

The current release schedule of CVE-2019-19781 fixes for Citrix Application Delivery Controller (ADC) and Citrix Gateway, with the corresponding versions, is shown below:

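| Version | Refresh Build | Expected Release Date |
|---------|---------------|-----------------------|
| 10.5    | 10.5.70.x     | 31st January 2020     |
| 11.1    | 11.1.63.x     | 20th January 2020     |
| 12.0    | 12.0.63.x     | 20th January 2020     |
| 12.1    | 12.1.55.x     | 27th January 2020     |
| 13.0    | 13.0.47.x     | 27th January 2020     |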

For more information on how to protect against these vulnerabilities, please contact our cybersecurity experts today.

(Image credit: https://www.bleepingcomputer.com/news/security/cisa-releases-test-tool-for-citrix-adc-cve-2019-19781-vulnerability/)
