CVE-2019-19781
KEVCitrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
9.8
CriticalPublished:
Last updated:
Source:cve@mitre.org
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Exploits
479012020-01-11webappsMultiple
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
By Project Zero India
479132020-01-13webappsMultiple
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
By mekhalleh
479302020-01-16webappsMultiple
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
By Dhiraj Mishra
References
cve@mitre.org
http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.htmlcve@mitre.org
http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.htmlcve@mitre.org
https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/cve@mitre.org
https://forms.gle/eDf3DXZAv96oosfj6cve@mitre.org
https://support.citrix.com/article/CTX267027cve@mitre.org
https://www.kb.cert.org/vuls/id/619785af854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.htmlaf854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.htmlaf854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.htmlaf854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.htmlaf854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.htmlaf854a3a-2127-422b-91ae-364da2661108
https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/af854a3a-2127-422b-91ae-364da2661108
https://forms.gle/eDf3DXZAv96oosfj6af854a3a-2127-422b-91ae-364da2661108
https://support.citrix.com/article/CTX267027af854a3a-2127-422b-91ae-364da2661108
https://twitter.com/bad_packets/status/1215431625766424576af854a3a-2127-422b-91ae-364da2661108
https://www.kb.cert.org/vuls/id/619785134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19781