9.8
CVE-2019-19781
- EPSS 94.44%
- Published 27.12.2019 14:15:12
- Last modified 03.04.2025 19:51:47
- Source cve@mitre.org
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Data provided by the National Vulnerability Database (NVD)
Citrix ≫ Application Delivery Controller Firmware Version 10.5
Citrix ≫ Application Delivery Controller Firmware Version 11.1
Citrix ≫ Application Delivery Controller Firmware Version 12.0
Citrix ≫ Application Delivery Controller Firmware Version 12.1
Citrix ≫ Application Delivery Controller Firmware Version 13.0
Citrix ≫ Netscaler Gateway Firmware Version 10.5
Citrix ≫ Netscaler Gateway Firmware Version 11.1
Citrix ≫ Netscaler Gateway Firmware Version 12.0
Citrix ≫ Netscaler Gateway Firmware Version 12.1
Citrix ≫ Gateway Firmware Version 13.0
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
Description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.
Required action: Apply updates per vendor instructions.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 94.44% | 1 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.