Citrix Vulnerability Scanner (CVE-2019-19781)

Discover Citrix ADC/Netscaler devices vulnerable to Remote Code Execution due to a path traversal vulnerability

Sample Report | Use Cases | Technical Details

Sample Report

Here is a Citrix Vulnerability Scanner (CVE-2019-19781) sample report:

  • Contains sample evidence for the identified vulnerability
  • Includes risk description and exploit information
  • Provides recommendation measures

Download Sample Report

Sample report

Citrix Vulnerability Scanner (CVE-2019-19781) - Use Cases

This tool detects if the target server is a Citrix device affected by the Remode Code Execution vulnerability CVE-2019-19781. The detection is performed by trying to read a certain file from the disk while using a path traversal technique.

Technical Details


Citrix Application Delivery Controller (ADC) and Citrix Gateway (also known as NetScaler Gateway) have been affected by a path traversal flaw which could lead to arbitrary code execution on the vulnerable devices.

This critical vulnerability (identified as CVE-2019-19781) has been announced by Citrix on December 17, 2019, and it was further investigated by the MDSec team in their article which also shows how the exploitation can be performed.

Our scanner attempts to discover the vulnerability by trying to fingeprint the Citrix device and then by trying to access the file '/vpn/../vpns/cfg/samba.conf' from the vulnerable server.


Parameter Description
Target host This can be an a single IP or a hostname. When a single IP/hostname is being scanned, the tool will try to read a certain file from the Citrix device in order to prove the vulnerability.
Target port This is the port associated with the target service and it can be changed as non-default port. Default: 443/HTTPS.

How it works

The vulnerability is actively discovered by connecting to the target device and attempting to retrieve the file '/vpn/../vpns/cfg/samba.conf' using path traversal.