PT-2019-5255 · Citrix · Netscaler+2

Mikhail Klyuchnikov · Published 2019-12-17 · Updated 2026-03-10 · CVE-2019-19781

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Citrix Application Delivery Controller (ADC) and Gateway versions 10.5 through 13.0

Description: The issue exists because the software does not correctly restrict a directory path name to a directory with limited access (a path traversal weakness). Exploitation of this issue may allow a remote attacker to gain access to published applications and to conduct attacks from the Citrix server against other resources within the attacked company's internal network. It is reported that over 125,400 publicly accessible Citrix servers are affected, and there are instances of this issue being actively exploited. The estimated number of potentially affected devices worldwide is significant, with over 25,000 Citrix (NetScaler) endpoints vulnerable. There have been reports of real-world incidents where this issue was exploited, including a ransomware attack on Carnival Corp, which may have been facilitated by unpatched Citrix servers.

Recommendations: For versions 10.5 through 13.0, apply the patch released by Citrix to fix the issue. As a temporary workaround, consider restricting access to the vulnerable directory path to minimize the risk of exploitation. Additionally, ensure that all Citrix servers are updated with the latest security patches, and consider implementing additional security measures such as firewalls and intrusion detection systems to prevent exploitation.
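The weakness class named in this advisory, restriction of a directory path that is checked before the path is normalized, is easier to reason about with a concrete comparison. The following is an added example written for this page; it is not Citrix's code, it does not model the appliance's real file layout or the actual vulnerable path, and every directory name (WEB_ROOT, PUBLIC_DIR) and request path in it is constructed for the illustration. It shows a naive prefix check on the raw request beside a check that decodes, normalizes and then confines the result to the allowed directory.

```python
"""Added example: a path-restriction check done on the raw request string
versus one done on the normalized path.

Generic illustration of the weakness class named in the advisory (path
traversal); not Citrix's code, and nothing here models the appliance's
real file layout. All directory names and request paths are constructed
for the example, and the functions work on strings only (no file I/O).
"""
from typing import List, Optional, Tuple
from urllib.parse import unquote
import posixpath

WEB_ROOT = "/srv/app"              # constructed web root
PUBLIC_DIR = WEB_ROOT + "/public"  # the only directory clients may read


def weak_is_allowed(raw_path: str) -> bool:
    """Naive restriction: a prefix test on the raw URL path.

    It answers before any decoding or '..' resolution, so a request whose
    prefix looks right but whose later segments climb out of the public
    directory is accepted. This is the general shape of an 'incorrect
    restriction of the directory path'.
    """
    return raw_path.startswith("/public/")


def resolve_path(raw_path: str) -> Optional[str]:
    """Map a request path to an absolute path, or None if it leaves PUBLIC_DIR.

    Steps: decode twice (double-encoded '..' is a common evasion), treat
    backslashes as separators, refuse embedded NULs, then normalize the
    joined path and compare against PUBLIC_DIR with a trailing separator so
    that a sibling such as '/srv/app/public2' is not mistaken for inside.
    """
    decoded = unquote(unquote(raw_path)).replace("\\", "/")
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if candidate == PUBLIC_DIR or candidate.startswith(PUBLIC_DIR + "/"):
        return candidate
    return None


def hardened_is_allowed(raw_path: str) -> bool:
    """Restriction applied to the normalized path rather than the raw string."""
    return resolve_path(raw_path) is not None


def compare_checks(paths: List[str]) -> List[Tuple[str, bool, bool]]:
    """Return [(request, weak_verdict, hardened_verdict), ...] for review."""
    return [(p, weak_is_allowed(p), hardened_is_allowed(p)) for p in paths]


# Constructed sample requests: benign ones and the common traversal shapes
# a normalized check must refuse.
SAMPLE_REQUESTS = [
    "/public/logo.png",
    "/public/assets/../logo.png",
    "/public/../private/config",
    "/public/%2e%2e/private/config",
    "/public/%252e%252e/private/config",
    "/public/..\\private/config",
    "/public2/notes.txt",
]

if __name__ == "__main__":
    for request, weak, hardened in compare_checks(SAMPLE_REQUESTS):
        print(f"{request:40} weak={weak!s:5} hardened={hardened}")
```

Running the block prints one line per sample request; the weak check accepts every request that begins with "/public/", including the three that normalize to a path under "/srv/app/private", while the hardened check accepts only the two that stay inside PUBLIC_DIR. The order of operations matters: decoding before normalization, and normalization before the prefix comparison, is what the temporary workaround ("restrict access to the vulnerable directory path") has to get right if it is implemented as a request filter rather than a vendor patch.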

Exploit · Fix

Weakness Enumeration: Path traversal

Related Identifiers

BDU:2020-02107
CITRIXADCRCE
CVE-2019-19781

Affected Products

Citrix Application Delivery Controller
Citrix Gateway
Netscaler