Bug Hunting: CVE-2019–19781(Remote Code Execution)

What is CVE-2019–19781?

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

As stated above all the CITRIX ADC with versions specified above are vulnerable to this attack. When I was working on a target, I was enumerating the list of IP addresses.

How to find the IP address of a target?

blechschmidt/massdns

Home * Censys

Comprehensive IP address data, IP geolocation API and database - IPInfo.io

Shodan

Using the above methods, one will be able to identify the list of IP addresses of a target application. I have initially collected IP address details and then I was planning to look for the vulnerable machine.

There is a Github link available to identify a list of vulnerable machines for CVE-2019–19781 attack.

trustedsec/cve-2019-19781

Steps:

1. Identify the list of IP addresses of the target application
2. Run the vulnerability scanner from above github link and check whether the machine is vulnerable or not

vulnerable CITRIX ADC running on the target machine

To check the vulnerability using the scanner:

machine is vulnerable to RCE

As shown above, the machine was found to be vulnerable to remote code execution attacks.

• Reported RCE on 16-Jan-2020
• 17-Jan-2020 bug was marked as duplicate finding. No bounty:-)

If you like the content, please follow me on medium and LinkedIn

LinkedIn: https://www.linkedin.com/in/pravin-r-p-oscp-28497712b/