Citrix released permanent fixes for CVE-2019-19781 Flaw in ADC 11.1 and 12.0, which would allow an unauthenticated remote attacker to execute arbitrary code on the vulnerable system.
The vulnerability was discovered by Dmitry Serebryannikov from Positive Technologies and the severity of the vulnerability is high. The following are the affected versions.
Citrix releases permanent fixes for ADC versions 11.1 and 12.0 and it can be downloaded from here and here.
The fixes applicable for “Citrix ADC and Citrix Gateway Virtual Appliances (VPX) hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance (SDX). SVM on SDX does not need to be updated.”
“It is necessary to upgrade all Citrix ADC and Citrix Gateway 11.1 instances (MPX or VPX) to build 11.1.63.15 to install the security vulnerability fixes. It is necessary to upgrade all Citrix ADC and Citrix Gateway 12.0 instances (MPX or VPX) to build 12.0.63.13 to install the security vulnerability fixes.”
Citrix ADC and Citrix Gateway | ||
---|---|---|
Version | Refresh Build | Release Date |
10.5 | 10.5.70.x | 24th January 2020 |
11.1 | 11.1.63.15 | 19th January 2020 (Released) |
12.0 | 12.0.63.13 | 19th January 2020 (Released) |
12.1 | 12.1.55.x | 24th January 2020 |
13.0 | 13.0.47.x | 24th January 2020 |
Citrix SD-WAN WANOP | ||
Release | Citrix ADC Release | Release Date |
10.2.6 | 11.1.51.615 | 24th January 2020 |
11.0.3 | 11.1.51.615 | 24th January 2020 |
Since the PoC released attackers started exploiting the flaw to install backdoors on the vulnerable machines. Citrix urges users to apply the fix immediately.
Once the patches applied, you can use the verification tool to ensure the patches have been applied correctly.
Also, CISA released a test tool for administrators and users to check for Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. The tool can be downloaded from GitHub.
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting the growing, widespread use and potential…
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such…
Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education. The latest update, Wireshark 4.2.4,…
Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered platform designed to redefine how we…
Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and grant unauthorized access. It's an…
Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the…