Citrix has published a security bulletin describing a vulnerability that a remote, unauthenticated attacker can exploit to achieve arbitrary code execution. Although the bulletin gives no details about the vulnerability, its mitigation steps describe techniques to block the handling of requests that contain a directory traversal attempt (/../) and also requests that attempt to access the /vpns/ directory. Although Citrix disclosed this vulnerability on December 17, 2019, it has not yet provided a software update to address the issue.
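The two request patterns named in the mitigation steps can also be used to review web access logs for matching requests. The following is an added example, not code from Citrix or the bulletin: the combined-style log format, the sample lines, and the function names are constructed assumptions, and the handling of percent-encoded forms goes beyond the literal /../ string the bulletin mentions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a combined-log style (assumed format, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2020:10:01:02 +0000] "GET /docs/../vpns/example.txt HTTP/1.1" 200 512
198.51.100.7 - - [10/Jan/2020:10:01:05 +0000] "GET /docs/%2e%2e/vpns/example.txt HTTP/1.1" 200 310
203.0.113.20 - - [10/Jan/2020:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 4096
203.0.113.21 - - [10/Jan/2020:10:03:40 +0000] "POST /vpns/example.txt HTTP/1.1" 403 0
203.0.113.22 - - [10/Jan/2020:10:04:00 +0000] "GET /images/logo.png HTTP/1.1" 200 2048
"""

# Client address, method, request target and status code from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(\S+) (\S+) [^"]*" (\d{3})')

def classify(path):
    """Return which of the two mitigation patterns a request target matches."""
    decoded = path.split("?", 1)[0]  # look at the path, not the query string
    # Decode up to three times so %2e%2e and %252e%252e both become "..".
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.lower()  # match case-insensitively to avoid missed hits
    hits = []
    if "/../" in decoded:
        hits.append("traversal")
    if "/vpns/" in decoded:
        hits.append("vpns")
    return hits

def scan(log_text):
    """Return (ip, method, path, status, hits) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, path, status = m.groups()
        hits = classify(path)
        if hits:
            findings.append((ip, method, path, int(status), hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```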