New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)

To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).

Our Citrix Vulnerability Scanner detects this vulnerability by trying to read a specific file from the disk of a target device using a path traversal technique.

Here’s how a sample report of the scan looks like:

When successfully exploited, the vulnerability could allow an attacker to execute arbitrary code on the vulnerable Citrix device without any account or authentication credentials required.

A deep dive into this topic has been performed by the security researchers at MDSec, and they’ve shown how this vulnerability can be exploited in their write-up.

According to Shodan, over 125,000 Citrix systems are being exposed on the Internet and public exploits are already available online.

The vendor hasn’t released yet an official patch for CVE-2019-1978 (it’s expected at the end of January), but it strongly advises all customers to apply the specific mitigation measures listed for every Citrix device impacted.

To check if your Citrix device is affected by this vulnerability, we recommend using our Citrix Vulnerability Scanner.