Attackers are actively probing for vulnerable Citrix Application Delivery Controller (ADC) and Gateway hosts, while multiple proof-of-concept scripts are released, emphasizing the importance of mitigating this flaw immediately (CVE-2019-19781)

On December 17, Citrix published a support article for CVE-2019-19781, a path traversal flaw in Citrix ADC and Citrix Gateway, both of which were formerly known as NetScaler ADC and NetScaler Gateway. Citrix cautioned that successful exploitation could result in an unauthenticated attacker gaining remote code execution. As of January 10, Citrix has not yet patched the vulnerability, however has provided mitigation steps to thwart exploitation attempts.

On January 3, SANS Internet Storm Center (ISC) observed exploitation attempts against honeypot hosts and warned the community of active scanning for this flaw. In the days that followed, additional details were released by multiple security researchers investigating the flaw and several confirming successful exploitation. As of January 10, public proof-of-concept code has been released and all users are encouraged to apply the mitigations as soon as possible.

You can read more about this on our blog.