Yesterday Citrix released remaining permanent firmware fixes for the previously identified vulnerability, CVE-2019-19781. To help everyone Citrix has made it available to all customers, regardless of their maintenance entitlement.
Permanent fixes for CVE-2019-19781 ADC versions 13.0, 12.1, 12.0 and 11.1 are available now:
These fixes also apply to Citrix ADC/Gateway Virtual Appliances (VPX) hosted on any of ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance (SDX).
It is necessary to upgrade all Citrix ADC/Gateway for instances running 13.0 (MPX or VPX) to build 220.127.116.11, for instances running 12.1 (MPX or VPX) to build 18.104.22.168, for instances running 12.0 (MPX or VPX) to build 22.214.171.124, for instances running 11.1 (MPX or VPX) to build 126.96.36.199 and for instances running 10.5 (MPX or VPX) to build 10.5.70.12 to install the security vulnerability fixes.
For more details, please refer to CVE KB
If you want more info about this vulnerability I recommend read this article from Thomas Poppelgaard