The version of Citrix ADC or Citrix NetScaler Gateway SSL VPN running on the remote web server is affected by a path traversal vulnerability that can lead to remote code execution. An unauthenticated, remote attacker can exploit this issue, by sending a specially crafted HTTP request to perform a path traversal that can lead to acheiving remote code execution.

Binary data citrix_ssl_vpn_CVE-2019-19781.nbin

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781

www.nessus.org/u?b3a23e8d

support.citrix.com/article/CTX267027

support.citrix.com/article/CTX267679

packetstorm 6

attackerkb 2

cisa 4

githubexploit 44

ics 19

thn 14

exploitpack 4

exploitdb 4

malwarebytes 4

cvelist 1

krebs 1

rapid7blog 2

nvd 1

symantec 1

zdt 3

prion 1

nuclei 1

cve 1

nessus 2

qualysblog 9

ptsecurity 1

metasploit 2

cisa_kev 1

freebsd 1

citrix 1

fireeye 5

cert 1

impervablog 2

canvas 1

checkpoint_advisories 1

talosblog 3

threatpost 23

kitploit 2

securelist 1

mssecure 2

avleonov 2

mmpc 1

packetstorm

Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution

2020-01-13 00:00:00

Citrix ADC / Gateway Path Traversal

2020-01-16 00:00:00

Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal

2020-01-11 00:00:00

attackerkb

CVE-2019-19781

2019-11-05 00:00:00

CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability

2020-04-27 00:00:00

cisa

CISA Releases Test for Citrix ADC and Gateway Vulnerability

2020-01-13 00:00:00

Citrix Releases Security Updates for SD-WAN WANOP

2020-01-23 00:00:00

Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory

2020-01-17 00:00:00

githubexploit

Exploit for Path Traversal in Citrix Application Delivery Controller Firmware

2020-01-28 12:09:51

Exploit for Path Traversal in Citrix Application Delivery Controller Firmware

2020-01-11 00:08:27

Exploit for Path Traversal in Citrix Application Delivery Controller Firmware

2020-01-16 10:09:05

ics

Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders

2021-04-26 12:00:00

COVID-19 Exploited by Malicious Cyber Actors

2020-04-08 12:00:00

Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

2020-05-21 12:00:00

thn

A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems

2020-09-21 10:20:00

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

2020-01-20 14:24:00

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

2020-01-11 10:21:00

exploitpack

Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution

2020-01-11 00:00:00

Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)

2020-01-13 00:00:00

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal

2020-01-16 00:00:00

exploitdb

Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)

2020-01-11 00:00:00

Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)

2020-01-13 00:00:00

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal

2020-01-16 00:00:00

malwarebytes

Healthcare security update: death by ransomware, what’s next?

2020-10-08 15:30:00

Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities

2021-04-16 14:59:38

Atomic research institute breached via VPN vulnerability

2021-06-21 13:53:03

cvelist

CVE-2019-19781

2019-12-27 13:06:46

krebs

Hackers Were Inside Citrix for Five Months

2020-02-19 15:55:04

rapid7blog

NICER Protocol Deep Dive: Internet Exposure of Citrix ADC/NetScaler

2020-11-04 15:24:04

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

2021-03-23 14:04:36

nvd

CVE-2019-19781

2019-12-27 14:15:12

symantec

Multiple Citrix Products CVE-2019-19781 Remote Code Execution Vulnerability

2019-12-17 00:00:00

zdt

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Exploit

2020-01-16 00:00:00

Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution Vulnerability (1)

2020-01-11 00:00:00

Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution Exploit

2020-01-13 00:00:00

prion

Directory traversal

2019-12-27 14:15:00

nuclei

Citrix ADC and Gateway - Directory Traversal

2020-04-05 22:27:04

cve

CVE-2019-19781

2019-12-27 14:15:12

nessus

Citrix ADC and Citrix NetScaler Gateway Arbitrary Code Execution (CTX267027)

2019-12-24 00:00:00

FreeBSD : Template::Toolkit -- Directory traversal on write (2bab995f-36d4-11ea-9dad-002590acae31)

2020-01-15 00:00:00

qualysblog

Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)

2020-01-09 00:12:26

Nefilim Ransomware

2021-05-12 15:34:00

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

2022-02-26 20:20:32

ptsecurity

PT-2020-01: Arbitrary code execution in Citrix ADC

2019-05-12 00:00:00

metasploit

Citrix ADC (NetScaler) Directory Traversal Scanner

2020-01-13 22:39:05

Citrix ADC (NetScaler) Directory Traversal RCE

2021-04-16 00:13:25

cisa_kev

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability

2021-11-03 00:00:00

freebsd

Template::Toolkit -- Directory traversal on write

2019-12-13 00:00:00

citrix

CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance

2019-12-17 05:00:00

fireeye

Nice Try: 501 (Ransomware) Not Implemented

2020-01-24 17:00:00

404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor

2020-01-16 00:00:00

Putting the Model to Work: Enabling Defenders With Vulnerability Intelligence — Intelligence for Vulnerability Management, Part Four

2020-04-27 12:30:00

cert

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability

2020-01-08 00:00:00

impervablog

Imperva Mitigates Exploits of Citrix Vulnerability – Right Out of the Box

2020-01-19 15:00:50

Australian Cyber Attack Vectors Blocked Out of the Box by Imperva WAF

2020-07-06 15:01:00

canvas

Immunity Canvas: NETSCALER_TRAVERSAL_RCE

2019-12-27 14:15:00

checkpoint_advisories

Citrix Multiple Products Directory Traversal (CVE-2019-19781)

2020-01-09 00:00:00

talosblog

Threat Source newsletter (Jan. 30, 2020)

2020-01-30 11:00:12

New Snort rules protect against recently discovered Citrix vulnerability

2020-01-15 11:41:36

Threat Source newsletter (Jan. 16, 2019)

2020-01-23 07:27:43

threatpost

RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes

2019-03-05 11:00:03

Citrix Accelerates Patch Rollout For Critical RCE Flaw

2020-01-21 17:19:28

Critical Citrix Bug Puts 80,000 Corporate LANs at Risk

2019-12-26 19:17:55

kitploit

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

2021-12-01 20:30:00

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

2021-12-27 20:30:00

securelist

Incident Response Analyst Report 2019

2020-08-06 10:00:34

mssecure

Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

2020-04-28 16:00:49

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

avleonov

Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs

2021-08-31 23:16:51

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

mmpc

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON

Related for CITRIX_SSL_VPN_CVE-2019-19781.NBIN