New Tool for Detecting the Critical Citrix RCE Vulnerability (CVE-2019-19781)

by Ioana Rijnetu

Reading time: 2 minutes

To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).

Our Citrix Vulnerability Scanner detects this vulnerability by trying to read a specific file from the disk of a target device using a path traversal technique.

Here’s what a sample report of the scan looks like:

When successfully exploited, the vulnerability could allow an attacker to execute arbitrary code on the vulnerable Citrix device without needing an account or authentication credentials.

Security researchers at MDSec have performed a deep dive into this topic and shown in their write-up how this vulnerability can be exploited.

According to Shodan, over 125,000 Citrix systems are exposed on the Internet, and public exploits are already available online.

The vendor hasn’t yet released an official patch for CVE-2019-19781 (it’s expected at the end of January), but it strongly advises all customers to apply the specific mitigation measures listed for every impacted Citrix device.

To check if your Citrix device is affected by this vulnerability, we recommend using our Citrix Vulnerability Scanner.

tester April 11, 2021 - 9:59 am

Where can I find this scanner, because I am not getting it.

Ioana Rijnetu April 19, 2021 - 3:57 pm

Hello and thank you for reaching out! This specific scanner is now integrated into our Network Vulnerability Scanner: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online-openvas. You can try it for free!