
Vulnerability Alert - CITRIX

Type: Vulnerabilities
Systems Affected: CITRIX systems
System: Other

Description

A 'Path Traversal' vulnerability, caused by improper limitation of a pathname to a restricted directory [2], was found in the systems below:

• Citrix ADC and Citrix Gateway version 13.0
• Citrix ADC and NetScaler Gateway version 12.1
• Citrix ADC and NetScaler Gateway version 12.0
• Citrix ADC and NetScaler Gateway version 11.1
• Citrix NetScaler ADC and NetScaler Gateway version 10.5
• Citrix SD-WAN WANOP software and appliance models 4000, 4100, 5000, and 5100.

Impact

This vulnerability allows an attacker to execute malicious code by sending a well-crafted HTTP request.

Resolution

Update the vulnerable systems following the instructions in [4].
To confirm that the update was successful, use the tool provided in [5].

References

[1] - https://x1sec.com/CVE-2019-19781-DFIR
[2] - https://nvd.nist.gov/vuln/detail/CVE-2019-19781
[3] - https://www.cybersecurity-help.cz/vdb/SB2020011409?affChecked=1
[4] - https://support.citrix.com/article/CTX267027
[5] - https://support.citrix.com/article/CTX269180