Integrity360 is actively monitoring a Vulnerability in Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781).
The vulnerability has been identified in Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) that, if exploited, could allow an attacker to perform arbitrary code execution.
While Citrix does not detail the exact nature of the vulnerability in the advisory, The National Vulnerability Database explains it as Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').
The vulnerability is leveraging the NetScaler ADC Gateway feature, since it is part of the VPN folder which is accessible when feature is enabled.
The recommended quick fix for mitigation is to block HTTP based VPN requests with additional components that could potentially contain code.
This implies that there is unsanitised code in the VPN handler for these devices. The mitigation, therefore checks for incoming HTTP-based VPN requests, and sends a 403 FORBIDDEN response whenever requests with the exploit format are detected.
Known affected versions
CVE-2019-19781: Vulnerability in Citrix Application Delivery Controller and Citrix Gateway leading to arbitrary code execution
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Citrix expects to have firmware updates in the form of refresh builds to be available across all supported versions of Citrix ADC and Citrix Gateway before the end of January 2020. Please refer to the table below for the expected release dates.
Should you require assistance with applying the fix or upgrading, please contact your account manager or email firstname.lastname@example.org. As always, Integrity360 Managed Security Service customers will already be covered through our proactive security approach.