Platform updates

New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)

Publisher
Pentest-Tools.com
Updated at
Article tags

To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).

Our Citrix Vulnerability Scanner detects this vulnerability by trying to read a specific file from the disk of a target device using a path traversal technique.

Here’s how a sample report of the scan looks like:

An RCE example involving Citrix ADC found via Pentest-Tools.comWhen successfully exploited, the vulnerability could allow an attacker to execute arbitrary code on the vulnerable Citrix device without any account or authentication credentials required.

A deep dive into this topic has been performed by the security researchers at MDSec, and they’ve shown how this vulnerability can be exploited in their write-up.

According to Shodan, over 125,000 Citrix systems are being exposed on the Internet and public exploits are already available online.

The vendor hasn’t released yet an official patch for CVE-2019-1978 (it’s expected at the end of January), but it strongly advises all customers to apply the specific mitigation measures listed for every Citrix device impacted.

To check if your Citrix device is affected by this vulnerability, we recommend using our Citrix Vulnerability Scanner.

Get fresh security research

In your inbox. (No fluff. Actionable stuff only.)

I can see your vulns image

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account

Footer

© 2013-2025 Pentest-Tools.com

Deloitte Fast 500 EMEA 2023

One of EMEA's fastest-growing tech companies.

Recognized by Deloitte in their Fast 500 EMEA 2023 for sustained financial growth and impact.

48,000+ security folks are here. Are you?

Follow us on LinkedIn for practical offensive security tips, guides, and real talk.

More than demos - real faces, real insight.

Subscribe on Youtube to see our team demo the product, build PoCs, and share what drives us.

G2 x Gartner

Security leaders trust what they can prove

See why they choose accurate results, time-saving automation, and clear reporting on Gartner Peer Reviews and G2.