Citrix and FireEye have released compromise detection solutions for the previously disclosed vulnerability CVE-2019-19781, which affects some versions of Citrix Application Delivery Controller (ADC) and Citrix Gateway, as well as two earlier versions of Citrix SD-WAN WANOP. These tools are already available completely free in the Citrix and FireEye GitHub repositories. Instructions for use can be found there.
Last week we wrote about CVE-2019-19781 and the fact that public exploits for it were already available. After the exploits were published, attacks on vulnerable versions of Citrix were expected to intensify, as many attackers now hope to compromise some important target that has not had time to upgrade: a corporate network, a state server, or a government agency.
Users and administrators can now use the Citrix and FireEye tool to check their Citrix devices locally and quickly assess the likelihood of compromise. The toolkit is compatible with all supported versions of Citrix ADC and Citrix Gateway, including 11.1, 12.0, 12.1, 10.5 and 13.0, as well as with Citrix SD-WAN WANOP versions 10.2.6 and 11.0.3. In addition to installing patches, Citrix and FireEye strongly recommend that everyone run the tool as soon as possible to learn whether a compromise may have occurred and take appropriate protective measures.
“While our engineers and security specialists worked around the clock to create, test, and distribute current patches for CVE-2019-19781, we were actively looking for ways to help customers understand if they were affected, and if so, how their systems were affected,” says Fermin J. Serna, Citrix Head of Information Security. “We partnered with FireEye Mandiant, a leading cyber threat research and retrospective analysis company, to use their knowledge of recent CVE-2019-19781 vulnerability attacks to develop tools to help organizations identify potential compromises.”