First patches for the Citrix ADC, Gateway RCE flaw released
As attackers continue to hit vulnerable Citrix ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to provide them for other versions and for two older versions of SD-WAN WANOP by January 24.
CVE-2019-19781, a critical vulnerability affecting Citrix ADC and Gateway that may allow unauthenticated attackers to achieve remote code execution and obtain direct access to an organization's local network from the internet, was responsibly disclosed last December.
In the meantime, Citrix confirmed that some SD-WAN WANOP versions are also vulnerable to CVE-2019-19781 as they include Citrix ADC as a load balancer, and that the offered mitigation steps will work on them.
"These fixes also apply to Citrix ADC and Citrix Gateway Virtual Appliances hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance. SVM on SDX does not need to be updated," Serna pointed out.
Last week, CISA also released a utility that lets users and administrators test whether their Citrix ADC and Citrix Gateway firmware is susceptible to the CVE-2019-19781 vulnerability.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/bIBEP17d--g/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |