Vulnerability Details: CVE-2019-19781
Public exploit exists!
Used for ransomware!
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Vulnerability category: Directory traversal
Products affected by CVE-2019-19781
- cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*
- cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*
CVE-2019-19781 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-19781
Added on: 2021-11-03
Action due date: 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2019-19781
- Probability of exploitation activity in the next 30 days: 94.44%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2019-19781
- Citrix ADC (NetScaler) Directory Traversal RCE
  Disclosure Date: 2019-12-17
  First seen: 2020-04-26
  Module: exploit/linux/http/citrix_dir_traversal_rce
  This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.
- Citrix ADC (NetScaler) Directory Traversal RCE
  Disclosure Date: 2019-12-17
  First seen: 2021-04-16
  Module: exploit/freebsd/http/citrix_dir_traversal_rce
  This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.
- Citrix ADC (NetScaler) Directory Traversal Scanner
  Disclosure Date: 2019-12-17
  First seen: 2020-04-26
  Module: auxiliary/scanner/http/citrix_dir_traversal
  This module exploits a directory traversal vulnerability (CVE-2019-19781) within Citrix ADC (NetScaler). It requests the smb.conf file located in the /vpns/cfg directory by issuing the request /vpn/../vpns/cfg/smb.conf. It then checks if the server is vulnerable by looking f
CVSS scores for CVE-2019-19781
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-19781
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2019-19781
- http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html
  Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal ≈ Packet Storm
  Tags: Third Party Advisory; VDB Entry
- http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html
  Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution ≈ Packet Storm
  Tags: Third Party Advisory; VDB Entry
- https://forms.gle/eDf3DXZAv96oosfj6
  CVE-2019-19781 Report Request
  Tags: Third Party Advisory
- https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/
  Over 25,000 Citrix (NetScaler) endpoints vulnerable to CVE-2019-19781 – Bad Packets
  Tags: Broken Link; Third Party Advisory
- https://www.kb.cert.org/vuls/id/619785
  VU#619785 - Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability
  Tags: Third Party Advisory; US Government Resource
- http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html
  Citrix ADC / Gateway Path Traversal ≈ Packet Storm
  Tags: Third Party Advisory; VDB Entry
- https://support.citrix.com/article/CTX267027
  CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
  Tags: Vendor Advisory
- http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html
  Citrix Application Delivery Controller / Gateway Remote Code Execution ≈ Packet Storm
  Tags: Third Party Advisory; VDB Entry
- https://twitter.com/bad_packets/status/1215431625766424576
  Bad Packets Report on Twitter: "Mass scanning activity detected from 82.102.16.220 (🇩🇪) checking for Citrix NetScaler Gateway endpoints vulnerable to CVE-2019-19781. Affected organizations are advis
  Tags: Broken Link; Third Party Advisory
- http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html
  Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution ≈ Packet Storm
  Tags: Third Party Advisory; VDB Entry