On 17/12/2019 Citrix released security bulletin CTX267027, announcing a vulnerability in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway that could lead to arbitrary code execution. Exploiting the flaw could allow an attacker to directly access the target firm’s local network without the need to compromise other accounts.

DHS CISA released a public domain tool designed to help security staff to test if their organisations are vulnerable to ongoing attacks that might target the CVE-2019-19781 security flaw.

We strongly recommends all organisations to review CERT/CC’s U#619785 vulnerability note and the Citrix CTX267027 security bulletin to apply the described mitigation measures until new versions of the software will be released.

According to the CTX267027 bulletin, Citrix will be releasing new Citrix ADC and Citrix Gateway versions to patch the CVE-2019-19781 vulnerability starting with January 20, 2020.

The current schedule for Citrix Application Delivery Controller (ADC) and Citrix Gateway CVE-2019-19781 and their corresponding versions is shown below:

Version	Refresh Build	Expected Release Date
10.5	10.5.70.x	31st January 2020
11.1	11.1.63.x	20th January 2020
12.0	12.0.63.x	20th January 2020
12.1	12.1.55.x	27th January 2020
13.0	13.0.47.x	27th January 2020

For more information on how to protect against these vulnerabilities, please contact our cybersecurity experts today.

(Image credit: https://www.bleepingcomputer.com/news/security/cisa-releases-test-tool-for-citrix-adc-cve-2019-19781-vulnerability/)

Smarttech247