CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.citrix.com/article/CTX267027	Vendor Advisory
https://www.kb.cert.org/vuls/id/619785	Third Party Advisory US Government Resource
https://twitter.com/bad_packets/status/1215431625766424576	Broken Link Third Party Advisory
https://forms.gle/eDf3DXZAv96oosfj6	Third Party Advisory
https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/	Broken Link Third Party Advisory
http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:::::::*
	cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:::::::*

cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:::::::*
	cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:::::::*

cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*

cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*

Information

Published : 2019-12-27 06:15

Updated : 2023-01-20 08:21

NVD link : CVE-2019-19781

Mitre link : CVE-2019-19781

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

citrix

netscaler_gateway_firmware
application_delivery_controller
application_delivery_controller_firmware
netscaler_gateway
gateway
gateway_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.citrix.com/article/CTX267027", "name": "https://support.citrix.com/article/CTX267027", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.kb.cert.org/vuls/id/619785", "name": "VU#619785", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "https://twitter.com/bad_packets/status/1215431625766424576", "name": "https://twitter.com/bad_packets/status/1215431625766424576", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://forms.gle/eDf3DXZAv96oosfj6", "name": "https://forms.gle/eDf3DXZAv96oosfj6", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", "name": "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", "name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", "name": "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-19781", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2019-12-27T14:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:citrix:application_delivery_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:citrix:netscaler_gateway:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:citrix:gateway_firmware:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:citrix:gateway:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-20T16:21Z"}

9.8 /10