A Curious Case of CVE-2019-19781 Palware: remove_bds

Vulnerability in Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781) – updated

Published on December 17 2019, CVE-2019-19781 is a vulnerability in the Citrix Application Delivery Controller (ADC) and Gateway that, if exploited, allows an unauthenticated attacker to perform arbitrary Remote Code Execution (RCE). Based on the proposed mitigations for the problems, the root cause of the vulnerability stems from how the clients handle SSL VPN requests. While Citrix has provided their clients with information on how to mitigate the issue, a permanent fix has yet to be published.
Continue reading “A Curious Case of CVE-2019-19781 Palware: remove_bds”