Security News > 2020 > January > Severe Citrix Flaw: Proof-of-Concept Exploit Code Released

Severe Citrix Flaw: Proof-of-Concept Exploit Code Released
2020-01-13 11:19

Technology giant Citrix says it's racing to develop patches to fix a severe flaw in its software, for which proof-of-concept exploit code has now been released.

Designated CVE-2019-19781, the directory traversal flaw has been present in Citrix's code for nearly six years, but only came to light - at least publicly - in December 2019.

Project Zero India's dump of the exploit code prompted consultancy TrustedSec to shortly thereafter release its own proof-of-concept exploit code.

Citrix has warned that the flaw is remotely exploitable and could allow access to applications and the internal network.

In its announcement of the flaw, posted on Dec. 23, 2019, the security firm said that Citrix "Responded very promptly, by creating and releasing a set of risk mitigation measures within just a couple of weeks after the vulnerability was discovered," adding that "From our experience, we know that in many cases it can take months."


News URL

https://www.inforisktoday.com/severe-citrix-flaw-proof-of-concept-exploit-code-released-a-13600

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 115 19 174 75 63 331