Jump to content
Welcome to our new Citrix community!

CVE-2019-19781 - scope of exposure


Todd Mason

Recommended Posts

Regarding CVE-2019-19781, it's still not obvious to me after reading the various posts and alert.  Are NetScaler ADCs (version 12.0.x) with public VIPs that do NOT have or terminate http(s) or VPNs publicly vulnerable? 

 

That is if the NS appliance has public L4 UDP/TCP service VIPs with with appropriate ACLs for those services and the only http(s) service exposed is the Nitro interface on a private NSIP. 

 

Is the only exposure to this vulnerability from the Nitro interface via the NSIP?

 

Thank you,

Todd

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...