IoC Scanner shows if Citrix appliances have been compromised via CVE-2019-19781
Citrix and FireEye have teamed up to provide sysadmins with an IoC scanner that shows whether a Citrix ADC, Gateway or SD-WAN WANOP appliance has been compromised via CVE-2019-19781.
Though the number of vulnerable Citrix endpoints is declining rather quickly, we don't know how many have been compromised since the start of the attacks.
Nearly two weeks ago, TrustedSec created a list of locations and indicators to search for on potentially compromised Citrix ADC hosts and shared instructions on how to check for them.
The IoC Scanner can be run directly on a live Citrix ADC, Gateway, or SD-WAN WANOP system, or can be used to inspect a mounted forensic image.
If the tool shows that IoCs are present, admins should definitely initiate a forensic investigation to determine the scope of the compromise.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/guf-qW4q8qk/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |