AppCheck Plug-in for Citrix Vulnerability CVE-2019-19781

Citrix Vulnerability Details

Citrix have released an advisory regarding CVE-2019-19781 which you can read in full here: Vulnerability in Citrix Application Delivery Controller and Citrix Gateway

In short a vulnerability was identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix gateway formerly known as NetScaler Gateway. If exploited this vulnerability could allow an unauthenticated attacker to perform arbitrary code execution.

AppCheck Plug-in for CVE-2019-19781

AppCheck have released a plug-in to check for the above vulnerability. Specifically, the module will look to detect a remote code execution flaw in Citrix appliances.

What is Arbitrary Code Execution?

Arbitrary Code Execution (ACE) describes the ability to execute commands on a target. Once a hacker has successfully exploited this vulnerability they could gain access to the protected network without valid logon credentials. The attacker could issue commands, read or edit files and even priv-up to gain full control of a system.

Additional Information

As always, if you require any more information on this topic or want to see how AppCheck can help find vulnerabilities in your applications and infrastructure then please get in contact with us: info@appcheck-ng.com