Platform updates

New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)

Updated at
Article tags

To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on to detect the recent RCE vulnerability (CVE-2019-19781).

Our Citrix Vulnerability Scanner detects this vulnerability by trying to read a specific file from the disk of a target device using a path traversal technique.

Here’s how a sample report of the scan looks like:

An RCE example involving Citrix ADC found via Pentest-Tools.comWhen successfully exploited, the vulnerability could allow an attacker to execute arbitrary code on the vulnerable Citrix device without any account or authentication credentials required.

A deep dive into this topic has been performed by the security researchers at MDSec, and they’ve shown how this vulnerability can be exploited in their write-up.

According to Shodan, over 125,000 Citrix systems are being exposed on the Internet and public exploits are already available online.

The vendor hasn’t released yet an official patch for CVE-2019-1978 (it’s expected at the end of January), but it strongly advises all customers to apply the specific mitigation measures listed for every Citrix device impacted.

To check if your Citrix device is affected by this vulnerability, we recommend using our Citrix Vulnerability Scanner.

Get fresh security research

In your inbox. (No fluff. Actionable stuff only.)

I can see your vulns image

Related articles

Suggested articles

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account


© 2013-2024 has a LinkedIn account it's very active on

Join over 45,000 security specialists to discuss career challenges, get pentesting guides and tips, and learn from your peers. Follow us on LinkedIn! has a YouTube account where you can find tutorials and useful videos

Expert pentesters share their best tips on our Youtube channel. Subscribe to get practical penetration testing tutorials and demos to build your own PoCs!

G2 award badge recognized as a Leader in G2’s Spring 2023 Grid® Report for Penetration Testing Software. Discover why security and IT pros worldwide use the platform to streamline their penetration and security testing workflow.

OWASP logo is a Corporate Member of OWASP (The Open Web Application Security Project). We share their mission to use, strengthen, and advocate for secure coding standards into every piece of software we develop.