CVE-2019-19781

nvd nist nuclei

Published: Dec 27, 2019Modified: Nov 7, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Affected (10)

Products: Citrix: Application Delivery Controller Firmware, Netscaler Gateway Firmware, Gateway Firmware

3 products

Application Delivery Controller Firmware

Netscaler Gateway Firmware

Gateway Firmware

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Application Delivery Controller Firmware	Version 10.5
Citrix Application Delivery Controller Firmware	Version 11.1
Citrix Application Delivery Controller Firmware	Version 12.0
Citrix Application Delivery Controller Firmware	Version 12.1
Citrix Application Delivery Controller Firmware	Version 13.0

Running on/with	Platform Versions
Citrix Application Delivery Controller	All versions

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Netscaler Gateway Firmware	Version 10.5
Citrix Netscaler Gateway Firmware	Version 11.1
Citrix Netscaler Gateway Firmware	Version 12.0
Citrix Netscaler Gateway Firmware	Version 12.1

Running on/with	Platform Versions
Citrix Netscaler Gateway	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Citrix Gateway Firmware	Version 13.0

Running on/with	Platform Versions
Citrix Gateway	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (21)

http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://forms.gle/eDf3DXZAv96oosfj6

Source: cve@mitre.org

Third Party Advisory

https://support.citrix.com/article/CTX267027

Source: cve@mitre.org

Vendor Advisory

https://twitter.com/bad_packets/status/1215431625766424576

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://www.kb.cert.org/vuls/id/619785

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://forms.gle/eDf3DXZAv96oosfj6

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.citrix.com/article/CTX267027

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://twitter.com/bad_packets/status/1215431625766424576

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://www.kb.cert.org/vuls/id/619785

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19781

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.