Citrix ADC Vulnerability Creates Unwanted Christmas PresentJanuary 16th, 2020 by Mark Curry
**UPDATE 24 JAN 2020 – Citrix have now released permanent fixes to address the CVE-2019-19781 vulnerability for Citrix Application Delivery Controller (ADC) and Citrix Gateway.**
Before Christmas a vulnerability was identified in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, as well as in Citrix Gateway, formerly known as NetScaler Gateway. This CVE-2019-19781 vulnerability, if exploited, could allow an unauthenticated party to perform arbitrary code execution. This issue impacts all ADC and ADC Gateway versions 10.5 through 13.0.
A Positive Technologies report from December estimates that the vulnerability could potentially expose the networks of over 80,000 firms across 158 countries.
Luckily for BrightCloud customers our support team and consultants worked late on Christmas Eve to finish off applying the mitigations for all our customers with an ADC managed service to make sure they were protected over the Christmas break. Please see this Citrix Knowledge Center article for instructions on how to apply the mitigation.
Recent reports estimate that around 26,000 ADCs have still not had the mitigation applied – so don’t delay.
🚨 In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using ../ directory traversal (a variant of this issue). So this is in the wild, active exploitation starting up. 🚨 https://t.co/pDZ2lplSBj
— Kevin Beaumont (@GossiTheDog) January 8, 2020
Every single system I’ve spot checked so far has been vulnerable; this will burn people for a while. Take steps to defend yourself ASAP. https://t.co/hmmfUxfe8f
— —(÷[ Nate Warfield ]÷)— (@n0x08) January 9, 2020
It is worth noting that network scans to detect the presence of this vulnerability also detect deployments behind a firewall, so not all devices found are exploitable.