First published: Fri Dec 27 2019(Updated: )
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Citrix Application Delivery Controller Firmware | =10.5 | |
Citrix Application Delivery Controller Firmware | =11.1 | |
Citrix Application Delivery Controller Firmware | =12.0 | |
Citrix Application Delivery Controller Firmware | =12.1 | |
Citrix Application Delivery Controller Firmware | =13.0 | |
Citrix Application Delivery Controller | ||
Citrix Netscaler Gateway Firmware | =10.5 | |
Citrix Netscaler Gateway Firmware | =11.1 | |
Citrix Netscaler Gateway Firmware | =12.0 | |
Citrix Netscaler Gateway Firmware | =12.1 | |
Citrix NetScaler Gateway | ||
Citrix Gateway Firmware | =13.0 | |
Citrix Gateway | ||
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | ||
All of | ||
Any of | ||
Citrix Application Delivery Controller Firmware | =10.5 | |
Citrix Application Delivery Controller Firmware | =11.1 | |
Citrix Application Delivery Controller Firmware | =12.0 | |
Citrix Application Delivery Controller Firmware | =12.1 | |
Citrix Application Delivery Controller Firmware | =13.0 | |
Citrix Application Delivery Controller | ||
All of | ||
Any of | ||
Citrix Netscaler Gateway Firmware | =10.5 | |
Citrix Netscaler Gateway Firmware | =11.1 | |
Citrix Netscaler Gateway Firmware | =12.0 | |
Citrix Netscaler Gateway Firmware | =12.1 | |
Citrix NetScaler Gateway | ||
All of | ||
Citrix Gateway Firmware | =13.0 | |
Citrix Gateway |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19781 is a code execution vulnerability in Citrix ADC Gateway and SD-WAN WANOP Appliance.
CVE-2019-19781 has a severity rating of 9.8, which is considered critical.
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance firmware versions 10.5, 11.1, 12.0, 12.1, and 13.0 are affected.
An unauthenticated attacker can exploit CVE-2019-19781 to perform code execution.
You can find more information about CVE-2019-19781 at the following references: [link1](http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html), [link2](http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html), [link3](http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html).