High
Ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781
If exploited, it could allow an unauthenticated remote attacker to access private network resources and execute arbitrary code on vulnerable systems. This attack does not require access to any accounts, and therefore can be performed by any external attacker.
This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources on the company’s internal network from the Citrix server.
Arbitrary code execution
Citrix
Citrix has released a set of mitigation measures which can be implemented and recommends recommends all impacted customers to apply them as soon as possible.