You are here

Citrix ADC and Gateway Vulnerability - Updated January 21, 2020

Citrix ADC and Gateway Vulnerability - Updated January 21, 2020

Created: Tuesday, January 21, 2020 - 13:11
Categories:
Cyber Security

January 20, 2020

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an alert on a critical vulnerability, CVE-2019-19781, that affects Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0. A remote, unauthenticated attacker could exploit the vulnerability to perform arbitrary code execution. This vulnerability has been detected in exploits in the wild. Citrix has released some firmware updates already and expects to release more through January 24. CISA strongly recommends that all users and administrators upgrade their vulnerable appliances as soon as possible once the appropriate firmware update becomes available. Read the advisory at CISA.

January 17, 2020

Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The article includes updated mitigations for Citrix ADC and Citrix Gateway Release 12.1 build 50.28. An attacker could exploit CVE-2019-19781 to take control of an affected system. Citrix plans to begin releasing security updates for affected software starting January 20, 2020.

CISA recommends users and administrators:

Read the advisory at CISA.

January 13, 2020

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781. CISA strongly advises affected organizations to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 and apply the mitigations until Citrix releases new versions of the software. Read the advisory at CISA.