Tuesday, February 18, 2025
HomeCVE/vulnerabilityCitrix Released Permanent Fixes for the Actively Exploited CVE-2019-19781 Flaw in ADC...

Citrix Released Permanent Fixes for the Actively Exploited CVE-2019-19781 Flaw in ADC 11.1 and 12.0

Published on

SIEM as a Service

Follow Us on Google News

Citrix released permanent fixes for CVE-2019-19781 Flaw in ADC 11.1 and 12.0, which would allow an unauthenticated remote attacker to execute arbitrary code on the vulnerable system.

The vulnerability was discovered by Dmitry Serebryannikov from Positive Technologies and the severity of the vulnerability is high. The following are the affected versions.

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Permanent Fixes Released

Citrix releases permanent fixes for ADC versions 11.1 and 12.0 and it can be downloaded from here and here.

The fixes applicable for “Citrix ADC and Citrix Gateway Virtual Appliances (VPX) hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance (SDX). SVM on SDX does not need to be updated.”

“It is necessary to upgrade all Citrix ADC and Citrix Gateway 11.1 instances (MPX or VPX) to build 11.1.63.15 to install the security vulnerability fixes. It is necessary to upgrade all Citrix ADC and Citrix Gateway 12.0 instances (MPX or VPX) to build 12.0.63.13 to install the security vulnerability fixes.”

Citrix ADC and Citrix Gateway
VersionRefresh BuildRelease Date
10.510.5.70.x24th January 2020
11.111.1.63.1519th January 2020 (Released)
12.012.0.63.1319th January 2020 (Released)
12.112.1.55.x24th January 2020
13.013.0.47.x24th January 2020
Citrix SD-WAN WANOP  
ReleaseCitrix ADC ReleaseRelease Date
10.2.611.1.51.61524th January 2020
11.0.311.1.51.61524th January 2020

Urgent Patch Required

Since the PoC released attackers started exploiting the flaw to install backdoors on the vulnerable machines. Citrix urges users to apply the fix immediately.

Once the patches applied, you can use the verification tool to ensure the patches have been applied correctly.

Also, CISA released a test tool for administrators and users to check for Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. The tool can be downloaded from GitHub.

Related Coverage

  1. CISA Releases Test Tool for Citrix ADC and Gateway Vulnerability – Sysadmins Can Test Now
  2. PoC Exploit Code Released for Citrix ACD and Gateway Remote Code Execution Vulnerability
  3. Hackers Scanning for Citrix Servers Vulnerable to Remote Code Execution
  4. Critical Vulnerability in Citrix Products Let Hackers Access to 80,000 Companies Internal Network
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension

SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using...

Threat Actors Trojanize Popular Games to Evade Security and Infect Systems

A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of...

New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats

A recent study by researchers from the National University of Singapore and NCS Cyber...

New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation

A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension

SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using...

Threat Actors Trojanize Popular Games to Evade Security and Infect Systems

A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of...

New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats

A recent study by researchers from the National University of Singapore and NCS Cyber...