US CISA has released a utility that lets users and administrators test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the zero-day CVE-2019-19781 vulnerability. The zero-day flaw has already been exploited by cybercrime
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their software is susceptible to the zero-day CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, the company will be releasing new versions of ADC and Gateway that will patch it. The flaw was announced in recent days and confirmed by the vendor. The problem originates from gaps in the handling of HTTP client requests by the web interfaces of the affected appliances, which make it possible for a remote attacker to execute arbitrary commands on the system and to install backdoors and malware without any authentication. Moreover, the zero-day vulnerability has already been exploited by cybercriminals in waves of attacks against many targets.