Citrix Systems has teamed up with FireEye Mandiant on an Indicator of Compromise Scanner that aids customers in the detection of compromise in connection with CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller (ADC), Citrix Gateway, and two older versions of Citrix SD-WAN WANOP.
This tool is freely accessible in both the Citrix and FireEye GitHub repositories.
The free tool is designed to allow customers to run it locally on their Citrix instances and receive a rapid assessment of potential Indicators of Compromise based on known attacks and exploits.The tool is compatible with all supported versions of Citrix ADC and Citrix Gateway, including 10.5, 11.1, 12.0, 12.1, and 13.0 and Citrix SD-WAN WANOP versions 10.2.6 and 11.0.3.
In addition to applying the previously released mitigation steps until patch releases are available or installing the patch releases as they are published this week, Citrix and FireEye strongly recommend that all customers run this tool as soon as possible to increase their overall level of awareness of potential compromise, and take appropriate steps to protect themselves.
Instructions on how to use the tool can be found on the aforementioned GitHub sites.
Read more in the blog of Fermin J. Serna, Chief Information Security Officer at Citrix.