Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixes
2020-01-09 13:56

Nearly a month has passed since Citrix released mitigation measures for CVE-2019-19781, a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway, which could lead to remote code execution.

Citrix Gateway is a secure remote access network gateway solution that is offered as a cloud service or an on-premises solution.

Citrix ADC and Citrix Gateway version 13.0 all supported builds.

Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds.

"Depending on specific configuration, Citrix applications can be used for connecting to workstations and critical business systems. In almost every case, Citrix applications are accessible on the company network perimeter, and are therefore the first to be attacked. This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources of the company's internal network from the Citrix server," they explained, but did not share more specific details about the flaw.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/TpawZ4tcWF4/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products | critical (9.8)

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
Attack vector: network. Attack complexity: low. Vendor: citrix. Weakness: CWE-22.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 119 20 183 81 65 349