Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Citrix ADC and Gateway Directory Traversal Remote Code Execution Vulnerability

Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in Citrix Application Delivery Controller (ADC) and Gateway versions 10.5, 11.1, 12.0, 12.1, and 13.0. By exploiting the directory traversal flaw, an unauthenticated attacker can execute arbitrary code on the affected system.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP request that exploits the directory traversal flaw. This can be done using a tool like curl or through a Metasploit module. The exploitation involves uploading a payload via a Perl script that is accessible through the traversed path, which is then executed on the server.

Remediation

Citrix has released patches for this vulnerability. Instructions for applying the update can be found in the Citrix Security Bulletin CTX267027. For systems where the update cannot be applied, Citrix recommends blocking requests that contain directory traversal attempts or that access the /vpns/ directory.
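The blocking rule described above can also be run as a retrospective check over web access logs. The following is an added example, not Citrix's or this page's own code: it flags requests whose path, after repeated percent-decoding, contains a ".." segment or a "vpns" segment. It assumes Common Log Format; the function names, sample addresses and placeholder file names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: access logs use Common/Combined Log Format.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def normalize(target, max_rounds=3):
    """Drop the query string, then percent-decode until stable (catches double encoding)."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def classify(target):
    """Return the reasons a request target matches the blocking rule (empty if none)."""
    segments = normalize(target).split("/")
    reasons = []
    if ".." in segments:        # directory traversal attempt
        reasons.append("traversal")
    if "vpns" in segments:      # access to the /vpns/ directory
        reasons.append("vpns")
    return reasons

def scan(lines):
    """Return (source, target, reasons) for every log line that matches the rule."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        reasons = classify(m.group("target")) if m else []
        if reasons:
            hits.append((m.group("src"), m.group("target"), reasons))
    return hits

# Constructed sample log lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:00:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2020:00:00:02 +0000] "POST /a/../vpns/placeholder.pl HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2020:00:00:03 +0000] "GET /a/%2e%2e/vpns/placeholder.xml HTTP/1.1" 200 90',
    '203.0.113.5 - - [01/Jan/2020:00:00:04 +0000] "GET /a/%252e%252e/b HTTP/1.1" 404 0',
    '192.0.2.11 - - [01/Jan/2020:00:00:05 +0000] "GET /docs/vpnsetup.html HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for src, target, reasons in scan(SAMPLE_LOG):
        print(src, target, ",".join(reasons))
```

Matching on whole path segments keeps names such as vpnsetup.html from triggering the rule, and a hit on an appliance that was unpatched at the time is a reason to review that host for compromise.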

Added: May 15, 2026, 10:24 AM
Updated: May 15, 2026, 10:24 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 7.5
exploitability: 10.0
remediation: 0.0
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.