CVE-2019-19781 : Unauthenticated Remote Code Execution Vulnerability in Citrix ADCs and Gateways
Citrix urges customers to apply mitigation steps for CVE-2019-19781, a remote code execution vulnerability exploitable through specially crafted HTTP requests to vulnerable devices.
Contexte
Citrix has released an advisory for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway that could allow an unauthenticated attacker to execute code on the affected devices. Users are encouraged to apply the provided mitigation steps as quickly as possible.
Analyse
While Citrix does not detail the exact nature of the vulnerability in the advisory, the recommended mitigation steps seem to block HTTP based VPN requests with additional components that could potentially contain code. This implies that there is unsanitized code in the VPN handler for these devices. The mitigation, therefore checks for incoming HTTP-based VPN requests, and sends a 403 FORBIDDEN response whenever requests with the exploit format are detected.
According to Citrix, the following devices are identified as vulnerable:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Solution
Depending on an organization's device setup, mitigation options are listed for each Citrix device configuration to mitigate this vulnerability. Citrix has stated that an update will be available at a later date, at which time users can remove the mitigation and upgrade.
Identification des systèmes affectés
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Où trouver plus d'informations
Rejoignez l'équipe SRT de Tenable sur Tenable Community.
Apprenez-en plus sur Tenable, la première plateforme de Cyber Exposure qui vous permet de gérer votre surface d'attaque moderne de manière globale.
Profitez d'un essai gratuit de 30 jours de Tenable.io Vulnerability Management.
Articles connexes
Cybersecurity Snapshot: CISA Pinpoints Vulnerabilities in Critical Infrastructure Orgs that Ransomware Groups Could Exploit
March 17, 2023Learn about CISA’s new program to help critical infrastructure organizations stamp out vulnerabilities associated with ransomware attacks. Plus, a U.S. government advisory with the latest on LockBit 3.0. Also, find out why the U.K.’s cyber agency is warning users about ChatGPT. And much more!
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
March 14, 2023Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397) Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed. 9Critica...
Cybersecurity Snapshot: Find MITRE ATT&CK Complex? Need Help Mapping to It? There’s an App for That!
March 10, 2023Learn about a new tool that streamlines MITRE ATT&CK mapping. Plus, known vulnerabilities remain a major cyber risk – just ask LastPass. Also, discover why SaaS data protection remains difficult. Plus, a look at the U.S. National Cybersecurity Strategy. And much more!
Tenable Cyber Watch: A Look at the U.S. National Cybersecurity Strategy, A Powerful AI Tech Gears Up for Prime Time, and more
March 20, 2023This week’s edition of the Tenable Cyber Watch unpacks the White House’s National Cybersecurity Strategy and explores how artificial intelligence will help cyber teams with complex attacks. Also covered: Why software vendors should prepare to submit letters of attestation to the GSA.
OpenAI’s ChatGPT and GPT-4 Used as Lure in Phishing Email, Twitter Scams to Promote Fake OpenAI Tokens
March 17, 2023Hoping to cash in on the massive interest around OpenAI’s GPT-4 – ChatGPT’s new multimodal model – scammers have launched phishing campaigns via email and Twitter designed to steal cryptocurrency. Check out how they’re carrying out the scams and how you can avoid becoming a victim.
Cybersecurity Snapshot: CISA Pinpoints Vulnerabilities in Critical Infrastructure Orgs that Ransomware Groups Could Exploit
March 17, 2023Learn about CISA’s new program to help critical infrastructure organizations stamp out vulnerabilities associated with ransomware attacks. Plus, a U.S. government advisory with the latest on LockBit 3.0. Also, find out why the U.K.’s cyber agency is warning users about ChatGPT. And much more!
- Gestion des vulnérabilités
