It has come to our attention that there is a security risk that could affect some customers. It involves a vulnerability in the Citrix Application Delivery Controller and the Citrix Gateway.
A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.
The vulnerability has been assigned the following CVE number:
CVE-2019-19781 : Vulnerability in Citrix Application Delivery Controller and Citrix Gateway leading to arbitrary code execution
The vulnerability affects all supported product versions and all supported platforms:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
How do I Remediate?
Ward Solutions recommended that a responder policy is deployed as an interim solution, as a matter of urgency, until Citrix release a version where this vulnerability is fixed. Citrix has provided the following guideline to implement the responder policy to the Citrix servers as an interim solution:
https://support.citrix.com/article/CTX267679
How Can Ward Help?
If you would like additional information or would like support in assessing and protecting your environment, please contact us.