PoC Exploit Code Released for Citrix ACD and Gateway RCE Vulnerability dshopsu, freshcvvru
Citrix remote code execution vulnerability was published last month, the vulnerability can be tracked as CVE-2019-19781 .
It may create a serious threat for organizations deployed with Citrix Application Delivery Controller and gateway.
An advisory was released by Citrix detailing the configuration changes to mitigate the vulnerability. The following are the affected versions.
Citrix believed to be used in more than 80,000 companies around the globe, the vulnerability could pose a serious threat for organizations.
A couple of days before researchers observed that attackers started scanning for the vulnerability, the scans include simple to dangerous requests.
A Security researchers group with handle projectzeroindia published the first working exploit code for the vulnerability.
Following that TrustedSec published the exploit code , TrustedSec said that they have the tool developed earlier but they opted to have private, as other researchers published code, they too released.
MDSsec released a video demonstration explaining how the vulnerability can be exploited, but the code was not published.
Shodan has added detection for the Citrix vulnerability (CVE-2019-19781).
After the PoC code published a huge spike detected on honeypots, attackers started using public exploits to install backdoors.