Security News > 2020 > January > Exploits Published for Citrix ADC Vulnerability, Patches Coming Soon
Exploits targeting the recent Citrix Application Delivery Controller vulnerability have already been published online, yet security patches will not be available for at least another week.
Impacting both Citrix ADC and Citrix Gateway, the vulnerability is tracked as CVE-2019-19781 and could lead to code execution without authentication, Citrix revealed on December 17, 2019.
Now, Citrix says it is working on security updates to patch the vulnerability, but estimates that at least one more week would pass before the first patches are released.
According to Johannes B. Ullrich, dean of research at the SANS Technology Institute, the scans for vulnerable Citrix ADC systems that he has observed for the past couple of weeks have turned into full-blown exploitation attempts lately.
The U.S. Cybersecurity and Infrastructure Security Agency has also released a utility that allows users to test whether their Citrix ADC and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability.
News URL
Related news
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus (source)
- Cisco fixes root escalation vulnerability with public exploit code (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |