CVSS 9.8
CVE-2019-19781
- EPSS 94.44%
- Published 27.12.2019 14:15:12
- Last modified 03.04.2025 19:51:47
- Source cve@mitre.org
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Application Delivery Controller Firmware Version 10.5
Citrix ≫ Application Delivery Controller Firmware Version 11.1
Citrix ≫ Application Delivery Controller Firmware Version 12.0
Citrix ≫ Application Delivery Controller Firmware Version 12.1
Citrix ≫ Application Delivery Controller Firmware Version 13.0
Citrix ≫ Netscaler Gateway Firmware Version 10.5
Citrix ≫ Netscaler Gateway Firmware Version 11.1
Citrix ≫ Netscaler Gateway Firmware Version 12.0
Citrix ≫ Netscaler Gateway Firmware Version 12.1
Citrix ≫ Gateway Firmware Version 13.0
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
Description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 94.44% | 1 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.