Tracked as CVE-2019-19781 and featuring a CVSS score of 9.8, the vulnerability has existed since 2014. Exploitation could result in attackers gaining unauthorized access to internal network resources and executing arbitrary code.
The security flaw impacts “all supported versions of the product, and all supported platforms,” says Positive Technologies, the company that discovered the bug. The affected products were previously known as NetScaler ADC and NetScaler Gateway.
On December 17, Citrix published its own security bulletin on this vulnerability, but it has not yet released a patch. However, the company did publish a support article detailing configuration changes that organizations should make to mitigate the impact of this vulnerability.