Citrix has released a critical vulnerability warning (CVE-2019-19781) in all Citrix ADC & Gateway systems one week before Christmas. Several working exploits have been released since Jan. 10, 2020 and are available to everyone.
Important ! The fix from Citrix with the Responder Policy does not work on systems with version 12.1.51.16/51.19, 50.31 and older. If this version is in use, please update to the latest 12.1 version.
The exploits allow remote code to be executed anonymously, allowing unauthenticated attackers to take over the various machines with root privileges.
Continue reading “Checklist for Citrix ADC CVE-2019-19781”