CVE-2019-19781 — CRITICAL (9.8)

Vulnerability Description

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Citrix	Application Delivery Controller Firmware	10.5
Citrix	Application Delivery Controller	-
Citrix	Netscaler Gateway Firmware	10.5
Citrix	Netscaler Gateway	-
Citrix	Gateway Firmware	13.0
Citrix	Gateway	-

Related Weaknesses (CWE)

CWE-22

References

http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-ControllThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-ControllThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-ControllThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-TraveThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.htThird Party AdvisoryVDB Entry
https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2Broken LinkThird Party Advisory
https://forms.gle/eDf3DXZAv96oosfj6Third Party Advisory
https://support.citrix.com/article/CTX267027Vendor Advisory
https://twitter.com/bad_packets/status/1215431625766424576Broken LinkThird Party Advisory
https://www.kb.cert.org/vuls/id/619785Third Party AdvisoryUS Government Resource
http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-ControllThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-ControllThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-ControllThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-TraveThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.htThird Party AdvisoryVDB Entry

FAQ

What is CVE-2019-19781?

CVE-2019-19781 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

How severe is CVE-2019-19781?

CVE-2019-19781 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-19781?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Application Delivery Controller Firmware, Citrix Application Delivery Controller, Citrix Netscaler Gateway Firmware, Citrix Netscaler Gateway, Citrix Gateway Firmware.