Citrix Released Permanent Fixes for the Actively Exploited CVE-2019-19781 Flaw in ADC 11.1 and 12.0
January 21, 2020
CCME (4607 articles)
Share

Citrix Released Permanent Fixes for the Actively Exploited CVE-2019-19781 Flaw in ADC 11.1 and 12.0

Citrix permanent fixes

Citrix released permanent fixes for CVE-2019-19781 Flaw in ADC 11.1 and 12.0, which would allow an unauthenticated remote attacker to execute arbitrary code on the vulnerable system.

The vulnerability was discovered by Dmitry Serebryannikov from Positive Technologies and the severity of the vulnerability is high. The following are the affected versions.

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Permanent Fixes Released

Citrix releases permanent fixes for ADC versions 11.1 and 12.0 and it can be downloaded from here and here.

The fixes applicable for “Citrix ADC and Citrix Gateway Virtual Appliances (VPX) hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance (SDX). SVM on SDX does not need to be updated.”

“It is necessary to upgrade all Citrix ADC and Citrix Gateway 11.1 instances (MPX or VPX) to build 11.1.63.15 to install the security vulnerability fixes. It is necessary to upgrade all Citrix ADC and Citrix Gateway 12.0 instances (MPX or VPX) to build 12.0.63.13 to install the security vulnerability fixes.”

Citrix ADC and Citrix Gateway
Version Refresh Build Release Date
10.5 10.5.70.x 24th January 2020
11.1 11.1.63.15 19th January 2020 (Released)
12.0 12.0.63.13 19th January 2020 (Released)
12.1 12.1.55.x 24th January 2020
13.0 13.0.47.x 24th January 2020
Citrix SD-WAN WANOP
Release Citrix ADC Release Release Date
10.2.6 11.1.51.615 24th January 2020
11.0.3 11.1.51.615 24th January 2020

Urgent Patch Required

Since the PoC released attackers started exploiting the flaw to install backdoors on the vulnerable machines. Citrix urges users to apply the fix immediately.

Once the patches applied, you can use the verification tool to ensure the patches have been applied correctly.

Also, CISA released a test tool for administrators and users to check for Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. The tool can be downloaded from GitHub.

This post Citrix Released Permanent Fixes for the Actively Exploited CVE-2019-19781 Flaw in ADC 11.1 and 12.0 originally appeared on GB Hackers.

Read More

Related articles

Let’s Encrypt Hits One Billion Certificate Milestone

Let’s Encrypt Hits One Billion Certificate Milestone

Firefox 70 Released: Added Integrated Breach Alerts, Social Tracking Protection & Fixed 9 Security Bugs

Firefox 70 Released: Added Integrated Breach Alerts, Social Tracking Protection & Fixed 9 Security Bugs

Microsoft Launches XBOX Bounty Program Rewards Up to USD 20,000 for Critical Vulnerabilities

Microsoft Launches XBOX Bounty Program Rewards Up to USD 20,000 for Critical Vulnerabilities