Daisy have received an advisory relating to a critical vulnerability in the Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway. If exploited this vulnerability could allow an unauthenticated attacker to perform arbitrary code execution. The vulnerability has been assigned CVE-2019-19781 which has a CVSS score of 9.8
Further information relating to the vulnerability is available below
https://support.citrix.com/article/CTX267027
https://support.citrix.com/article/CTX267679
Affected Platforms:
The vulnerability affects all supported product versions and all supported platforms:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
Daisy are progressing with implementing the workaround provided by Citrix and will implement the patch once it has been released by Citrix.
Daisy will continue to closely follow advisories provided by Citrix and the National Cyber Security Centre (NCSC) regarding this vulnerability, and further updates will be posted here as appropriate.