We have been offered advice from our security partners at Dell SecureWorks, whose Counter Threat Unit (CTU) researchers are monitoring reports of proof-of-concept code for a Citrix ADC and Gateway `vpns` directory traversal vulnerability (CVE-2019-19781). Unauthenticated attackers could leverage this flaw to execute arbitrary code. The research team has observed attempts to exploit this vulnerability.
Recommended actions:
Clients should review the workaround provided by Citrix and apply updates when available.
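
Because exploitation attempts have been observed, access logs are worth reviewing alongside the workaround. The following Python check is an added example, not code from Dell SecureWorks or Citrix: it flags logged requests whose path, once percent-decoding is undone, combines a `..` segment with the `vpns` directory. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout (Common Log Format): client - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_vpns_traversal(target):
    """True when the request path climbs with '..' and also names the vpns directory."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    segments = [s.lower() for s in path.split("/")]
    return ".." in segments and "vpns" in segments

def scan(lines):
    """Return (client, method, raw_target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_vpns_traversal(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits

# Constructed sample lines: documentation IP ranges and a placeholder file name.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2020:10:00:01 +0000] "GET /vpn/../vpns/EXAMPLE HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2020:10:00:02 +0000] "POST /vpn/%2e%2e/vpns/EXAMPLE HTTP/1.1" 200 64',
    '203.0.113.9 - - [10/Jan/2020:10:00:03 +0000] "GET /vpn/%252e%252e/VPNS/EXAMPLE HTTP/1.1" 403 0',
    '192.0.2.44 - - [10/Jan/2020:10:00:04 +0000] "GET /vpn/index.html HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Jan/2020:10:00:05 +0000] "GET /docs/../index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, method, target, status in scan(SAMPLE):
        print(f"{client} {method} {target} -> {status}")
```

The response status is returned with each hit so that requests the appliance answered successfully can be separated from those it rejected.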
References:
- https://support.citrix.com/article/CTX267027
- https://support.citrix.com/article/CTX267679
- https://twitter.com/bad_packets/status/1215431625766424576
- http://www.kb.cert.org/vuls/id/619785
- https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml
- https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
- https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
- https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/
- https://nvd.nist.gov/vuln/detail/CVE-2019-19781