Attackers are actively probing for vulnerable Citrix Application Delivery Controller (ADC) and Gateway hosts, while multiple proof-of-concept scripts are released, emphasizing the importance of mitigating this flaw immediately.
On December 17, Citrix published a support article for CVE-2019-19781, a path traversal flaw in Citrix ADC and Citrix Gateway, both of which were formerly known as NetScaler ADC and NetScaler Gateway. Citrix cautioned that successful exploitation could result in an unauthenticated attacker gaining remote code execution. Citrix did not provide a patch for the vulnerability, but instead strongly urged customers to apply mitigation steps to thwart exploitation attempts. In the weeks since, attackers have begun scanning for vulnerable hosts for reconnaissance, with some reports suggesting attackers may have already exploited this vulnerability in the wild.
On January 3, SANS Internet Storm Center (ISC) tweeted that they had observed the “first exploit attempt” for this vulnerability in the wild.