Citrix ADC and Citrix NetScaler Gateway Arbitrary Code Execution (CTX267027)

critical Nessus Network Monitor Plugin ID 701262


The remote device is affected by a buffer overflow vulnerability.


The remote Citrix ADC or Citrix NetScaler Gateway device is affected by an arbitrary code execution vulnerability. An unauthenticated, remote attacker may be able to leverage this vulnerability to perform arbitrary code execution on an affected host.


For versions 11.1.x and 12.0.x, upgrade to and respectively. For all other versions, refer to vendor documentation for configuration mitigation.

Plugin Details

Severity: Critical

ID: 701262

Family: SNMP

Published: 1/22/2020

Updated: 1/22/2020

Nessus ID: 132397

Risk Information


CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:citrix:netscaler_access_gateway_firmware:*:*:*:*:*:*:*:*

Patch Publication Date: 12/17/2019

Vulnerability Publication Date: 12/17/2019

Exploitable With

Metasploit (Citrix ADC (NetScaler) Directory Traversal RCE)

Reference Information

CVE: CVE-2019-19781