Citrix Application Delivery Controller & Citrix Gateway RCE

Published on January 10th, 2020


 Security Researchers at Positive Technologies disclosed a vulnerability identified as CVE-2019-19781 that affects Citrix Application Delivery Controllers. Successful exploitation can be executed in one minute which has Positive Technologies giving the exploit a maximum 10 score on the CVSS scale. This vulnerability is a remote code execution vulnerability which allows an attacker to execute code remotely without authentication.

Threat Intelligence

At this time, the Masergy Threat Intelligence Team is aware of proof-of-concept exploits being developed by security researchers and are tracking reports of in-the-wild scanning for this vulnerability. We will continue to monitor the situation. We assess that it is highly likely that actors will pursue the development of exploits for this vulnerability.


Systems Affected


We recommend the following actions be taken:  


At this time, Citrix has not released a firmware patch for the vulnerability.



Positive Technologies: