Updates
- Citrix has published the update firmware for all the NetScaler Appliances
Citrix — CVE-2019-19781
Citrix has posted a Security Advisory in which their NetScaler and ADC controllers are vulnerable RCE flaw by an unauthenticated user to gain root-level access. Be sure to apply the mitigation responder policy ASAP. Firmware updates are not available at the present time.
My review of the mitigation rule policy suggests this will be trivial for attackers to exploit in the near days and weeks.
Note: Unsupported End of Life old versions of the software may also be affected, even though those versions are not listed and/or patches available.