Exploits Published for Citrix ADC Vulnerability, Patches Coming Soon
Exploits targeting the recent Citrix Application Delivery Controller vulnerability have already been published online, yet security patches will not be available for at least another week.
Impacting both Citrix ADC and Citrix Gateway, the vulnerability is tracked as CVE-2019-19781 and could lead to code execution without authentication, Citrix revealed on December 17, 2019.
Citrix now says it is working on security updates to patch the vulnerability, but estimates that at least one more week will pass before the first patches are released.
According to Johannes B. Ullrich, dean of research at the SANS Technology Institute, the scans for vulnerable Citrix ADC systems that he has observed for the past couple of weeks have turned into full-blown exploitation attempts lately.
The U.S. Cybersecurity and Infrastructure Security Agency has also released a utility that allows users to test whether their Citrix ADC and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |