Today, we released the permanent fix for Citrix Application Delivery Controller (ADC) version 10.5 to address the CVE-2019-19781 vulnerability. We have now released permanent fixes for all supported versions of ADC, Gateway, and SD-WAN WANOP. These fixes are available to download for ADC and Gateway.

As with the permanent fixes made available for Citrix ADC and Citrix Gateway versions 11.1, 12.0, 12.1, 13.0, and Citrix SD-WAN 4000-WO, 5000-WO, 4100-WO, and 5100-WO earlier this week, these fixes are available to all customers regardless of whether they have an active maintenance contract with Citrix. We strongly urge all customers to immediately install these fixes.

The fixes released throughout this week will only work for indicated versions and if installed correctly. Upgrade guides can be found on the download pages. While these upgrades are not difficult to install, we recommend reviewing the instructions and calling our Support Center if you have any questions. To further assist with installations, we have staffed our support center with outstanding networking technical resources, and we are providing real-time chat support.

Customer security is a top priority for Citrix, and we remain fully committed to ensuring that all customers remediate their systems for the CVE-2019-19781 vulnerability. To that end, we will keep all enhanced customer support measures in place for as long as necessary. We also encourage all customers to use the free Indicator of Compromise Scanning tool that we teamed up with FireEye Mandiant to launch this week. The tool is freely accessible in the Citrix GitHub Repository and provides customers with increased awareness of potential compromise related to the CVE-2019-19781 vulnerability on their systems.

We remain committed to incorporating feedback from our customers and adapting our communication and customer support offerings as needed. We welcome the community to reach out to us at secure@citrix.com with any additional feedback.

We deeply regret the impact this vulnerability has had on any affected customers, and would like to thank our customers and partners for their patience as our teams worked diligently to develop and test permanent fixes that fully address this vulnerability. I would also like to thank our engineering team for their efforts which enabled delivery of the full range of permanent fixes ahead of schedule.