CVE-2019-19781: Unauthenticated Remote Code Execution Vulnerability in Citrix ADCs and Gateways
Citrix urges customers to apply mitigation steps for CVE-2019-19781, a remote code execution vulnerability exploitable through specially crafted HTTP requests to vulnerable devices.
Contexto
Citrix has released an advisory for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway that could allow an unauthenticated attacker to execute code on the affected devices. Users are encouraged to apply the provided mitigation steps as quickly as possible.
Análise
While Citrix does not detail the exact nature of the vulnerability in the advisory, the recommended mitigation steps seem to block HTTP based VPN requests with additional components that could potentially contain code. This implies that there is unsanitized code in the VPN handler for these devices. The mitigation, therefore checks for incoming HTTP-based VPN requests, and sends a 403 FORBIDDEN response whenever requests with the exploit format are detected.
According to Citrix, the following devices are identified as vulnerable:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Solução
Depending on an organization's device setup, mitigation options are listed for each Citrix device configuration to mitigate this vulnerability. Citrix has stated that an update will be available at a later date, at which time users can remove the mitigation and upgrade.
Identificação de sistemas afetados
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Obtenha mais informações
Junte-se à equipe de resposta de segurança da Tenable na Tenable.
Saiba mais sobre a Tenable, a primeira plataforma de Cyber Exposure para o gerenciamento holístico da sua superfície de ataque moderna.
Obtenha uma avaliação gratuita por 30 dias do Vulnerability Management da Tenable.io.
Artigos relacionados
Cybersecurity Snapshot: 6 Things That Matter Right Now
September 16, 2022Topics that are top of mind for the week ending Sept. 16 | How cybersecurity excellence boosts business | CISOs on a vendor-consolidation campaign | A quick check on converged OT/IT cybersecurity | Guides to help developers beef up on security | And much more!
AA22-257A: Cybersecurity Agencies Issue Joint Advisory on Iranian Islamic Revolutionary Guard Corps-Affiliated Attacks
September 15, 2022Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks.
CVE-2022-40139: Vulnerability in Trend Micro Apex One Exploited in the Wild
September 14, 2022Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild.
The shift to integrated cybersecurity platforms: a growing trend among CISOs
September 27, 2022New ESG and ISSA study shows nearly half of organizations are shifting towards integrated cybersecurity platforms. Here’s why many CISOs are making the shift. Less complexity, more security. The...
Cybersecurity Snapshot: 6 Things That Matter Right Now
September 23, 2022Topics that are top of mind for the week ending Sept. 23 | A digital trust disconnect between theory and practice | Don’t ignore attack surface management | An SBOM 101 | Report finds hackers targeting small businesses | And much more!
$1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants
September 22, 2022As threats continue to evolve, state and local governments benefit from federal grant funding to bolster their cybersecurity posture.
- Gerenciamento de vulnerabilidades
