Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory [ 
https://www.us-cert.gov/ncas/current-activity/2020/01/17/citrix-adds-sd-wan-wanop-updated-mitigations-cve-2019-19781 ] 
01/17/2020 09:34 PM EST 
Original release date: January 17, 2020

Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery 
Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and 
version 11.0.3. The article includes updated mitigations for Citrix ADC and Citrix Gateway Release 12.1 build 50.28. An 
attacker could exploit CVE-2019-19781 to take control of an affected system. Citrix plans to begin releasing security 
updates for affected software starting January 20, 2020.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators:


  * Review the Citrix article on updates on Citrix ADC, Citrix Gateway vulnerability [ 
https://www.citrix.com/blogs/2020/01/17/citrix-updates-on-citrix-adc-citrix-gateway-vulnerability/ ], published January 
17, 2020; 
  * See Citrix Security Bulletin CTX267027  Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, 
and Citrix SD-WAN WANOP appliance [ https://support.citrix.com/article/CTX267027 ]; 
  * Apply the recommended mitigations in CTX267679  Mitigation Steps for CVE-2019-19781 [ 
https://support.citrix.com/article/CTX267679 ]; and 
  * Verify the successful application of the above mitigations by using the tool in CTX269180  CVE-2019-19781  
Verification ToolTest [ https://support.citrix.com/article/CTX269180 ]. 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]