Security advisories

Critical Citrix Vulnerability Exploited

January 10, 2020

The Threat

The security community has observed active exploitation targeting Citrix vulnerability CVE-2019-19781 [1], which allows code execution via simple directory traversal [2][3]. In observed cases, the threat actor queried credential configuration on active honeypots, implying an opportunistic campaign. Due to the ease of this exploit, the observation of active exploitation, and the possibility of credential theft, eSentire Threat Intelligence recommends immediately following the mitigation steps provided by Citrix.

What we’re doing about it

What you should do about it

Additional information

This vulnerability allows simple directory traversal by a remote attacker in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. No patches have been made available at this time.

References:

[1] https://support.citrix.com/article/CTX267027

[2] https://twitter.com/GossiTheDog/status/1214892555306971138

[3] https://isc.sans.edu/forums/diary/Some+Thoughts+About+the+Critical+Citrix+ADCGateway+Vulnerability+CVE201919781/25660/

[4] https://support.citrix.com/article/CTX267679

[5] https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
