PT-2020-01: Arbitrary code execution in Citrix ADC

Citrix Application Delivery Controller (ADC) and Gateway


Severity level: High
Impact: Arbitrary code execution in Citrix ADC
Access Vector: Remote

CVSS v3 Base Score: 9.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2019-19781

Vulnerability description:

This vulnerability allows an unauthorized, remote attacker to execute malicious code on the system, obtain unauthorized access to published applications, and attack intranet resources of the target organization via Citrix servers.

Advisory status:

05.12.2019 - Vendor gets vulnerability details 19.01.2020, 22.01.2020 23.01.2020, 24.01.2020 - Vendor releases fixed version and details


The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies