Exploits Published for Citrix ADC Vulnerability, Patches Coming Soon
2020-01-13 12:10

Exploits targeting the recent Citrix Application Delivery Controller vulnerability have already been published online, yet security patches will not be available for at least another week.

Impacting both Citrix ADC and Citrix Gateway, the vulnerability is tracked as CVE-2019-19781 and could lead to code execution without authentication, Citrix revealed on December 17, 2019.

Citrix now says it is working on security updates to patch the vulnerability, but estimates that at least one more week will pass before the first patches are released.

According to Johannes B. Ullrich, dean of research at the SANS Technology Institute, the scans for vulnerable Citrix ADC systems that he has observed over the past couple of weeks have recently turned into full-blown exploitation attempts.

The U.S. Cybersecurity and Infrastructure Security Agency has also released a utility that allows users to test whether their Citrix ADC and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/xHWR7ZsNOpY/exploits-published-citrix-adc-vulnerability-patches-coming-soon

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products | critical (9.8) |

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.

Tags: network, low complexity, citrix, CWE-22

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Citrix | 66 | | 2 | 64 | 101 | 46 | 213 |