Citrix Discloses Severe Bug in NetScaler

By Daniel Ruiz
Senior Solutions Architect

UPDATED JANUARY 20, 2020

*** Important Update on Citrix ADC Vulnerability CVE-2019-19781 ***

Citrix has delivered the first permanent fixes (for ADC versions 11.1 and 12.0) and moved up target delivery dates for the remaining versions. If your devices are running 11.1 or 12.0, please contact service@helient.com as soon as possible to schedule installation. Helient Managed Services customers will be contacted directly and will receive priority service installing this update.

https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/

Citrix has disclosed a severe bug in its Citrix Application Delivery Controller (ADC), formerly known as NetScaler.

The vulnerability, if exploited, can allow an unauthenticated attacker to perform arbitrary code execution.

At the moment there is no permanent fix; however, Citrix has created a workaround, which is discussed in the following article: https://support.citrix.com/article/CTX267679

Helient recommends that clients implement these changes on their NetScaler appliances to ensure they are protected.

The vulnerability affects all supported product versions and all supported platforms:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Additional information regarding the vulnerability can be found at https://support.citrix.com/article/CTX267027

If you would like more information or assistance from our industry-leading team of Citrix experts to plan and execute the workaround, please contact us at service@helient.com.