9.8

CVE-2019-19781

Warnung
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability

Schwachstelle

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 100% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html
Third Party Advisory
VDB Entry
https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/
Third Party Advisory
Broken Link
https://forms.gle/eDf3DXZAv96oosfj6
Third Party Advisory
https://support.citrix.com/article/CTX267027
Vendor Advisory
https://twitter.com/bad_packets/status/1215431625766424576
Third Party Advisory
Broken Link
https://www.kb.cert.org/vuls/id/619785
Third Party Advisory
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19781
US Government Resource