Home / Blog / General / Threat Intel: Citrix NetScaler (CVE-2019-19781)

April 2, 2020

Threat Intelligence.

Threat Intelligence (CRITICAL UPDATE)

Previously reported in 17 December 2019, a vulnerability has been identified in Citrix NetScaler ADC and Citrix Netscaler Gateway, which could allow an unauthenticated attacker to perform arbitrary code execution.

Citrix released an Advisory (CVE-2019-19781) on the day of the announcement, comprising of mitigation steps that can help guard against the possibility of attack (rather than a security update).

On 19 January 2020, Citrix began to release fixes (see below).

However, many organisations are yet to apply the update and with active exploit code now circulating on the internet, organisations remain at critical risk.

Citrix Netscaler Vulnerability


Malicious actors have successfully compromised numerous organisations, deploying various payloads once exploitation has taken place.

Compromised systems cannot be remediated by applying the fix. Once malicious actors establish a foothold on an affected device, their presence remains even though the original attack vector has been closed.

Full information on this security update can be found here:

Comtact recommend installing the latest updates as soon as practicable and to follow the vendor mitigation advice immediately.

Fixes for all affected ADC versions:

Fixes for all affected Gateway versions:

Fixes for all affected SD-WAN models:

Related articles:

About Comtact Ltd.

Comtact Ltd. is a specialist Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.