13/01/2020

Active exploitation of Citrix ADC and Gateway `vpns`

We have been offered advise from our Security partners Dell SecureWorks outlining that their Counter Threat Unit (CTU) researchers are monitoring reports of proof-of-concept code for a Citrix ADC and Gateway `vpns` directory traversal vulnerability (CVE-2019-19781). Unauthenticated attackers could leverage this flaw to execute arbitrary code. The research team has observed attempts to exploit this vulnerability.

Recommended actions:

Clients should review the workaround provided by Citrix and apply updates when available.

References:

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners