Security News > 2020 > January > Citrix Releases More Patches for Exploited Flaw, Tool to Detect Compromise

Citrix Releases More Patches for Exploited Flaw, Tool to Detect Compromise
2020-01-24 14:31

Citrix has released a new set of patches for the recently disclosed CVE-2019-19781 vulnerability and partnered with FireEye for a tool that tells users if their systems have been compromised via the security flaw.

The vulnerability, disclosed in December 2019, impacts Citrix Application Delivery Controller and Gateway, and two older versions of SD-WAN WANOP. Following the public release of PoC exploits earlier this month, attackers started targeting vulnerable deployments - there are tens of thousands of vulnerable systems out there.

On January 19 the company released the first set of patches for the flaw, addressing it in ADC and Gateway versions 11.1 and 12.0.

Patches were released for the affected SD-WAN WANOP versions.

Available via both the Citrix and FireEye GitHub repositories, a new free scanning tool was released to help customers identify potential indicators of compromise on their systems and take appropriate steps to stay protected.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/dx0SWfX24kE/citrix-releases-more-patches-exploited-flaw-tool-detect-compromise

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-12-27 CVE-2019-19781 Path Traversal vulnerability in Citrix products
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
network
low complexity
citrix CWE-22
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 66 2 64 101 46 213