Skip to main content

Active exploitation of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of ongoing attempts to exploit a critical vulnerability in Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP.

Alert status
CRITICAL

The vulnerability, known as CVE-2019-19781, was disclosed on 17 December 2019 and enables an unauthenticated adversary to execute arbitrary code.

Due to active exploitation of this vulnerability, organisations running the affected applications that did not implement Citrix’s mitigations before 11 January 2020 should attempt to identify and remediate successful exploitation of their Citrix servers. Advice is provided in the Detecting Compromise and Remediating Compromise sections below.