Standards

Citrix and FireEye Mandiant Launch Indicator of Compromise Scanner

Via Citrix

Jan 25, 2020

Jan 22, 2020

Free tool provides assessment of system compromise in connection with CVE-2019-19781

FORT LAUDERDALE, Fla. and MILPITAS, Calif. – Citrix Systems, Inc. (NASDAQ: CTXS) and FireEye Inc. (NASDAQ: FEYE) today announced the launch of a new tool for detection of compromise in connection with the previously announced CVE-2019-19781 vulnerability, which affects certain versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, and two older versions of Citrix SD-WAN WANOP. This tool is freely accessible in both the Citrix and FireEye GitHub repositories.

The free tool is designed to allow customers to run it locally against their Citrix instances and receive a rapid assessment of potential indications of compromise in their systems based on known attacks and exploits. The tool is compatible with all supported versions of Citrix ADC and Citrix Gateway, including 11.1, 12.0, 12.1, 10.5, and 13.0, and Citrix SD-WAN WANOP versions 10.2.6 and 11.0.3. In addition to applying the previously released mitigation steps and installing the permanent updates being made available throughout this week, Citrix and FireEye strongly recommend that all Citrix customers run this tool as soon as possible to increase their overall level of awareness of potential compromise and take appropriate steps to protect themselves.

Citrix announced the CVE-2019-19781 vulnerability along with mitigations on December 17, 2019. Exploits – tools to take advantage of the vulnerability – were published by multiple third parties in early January 2020. As a result, the risk to unmitigated customer systems rose significantly.

“While our security and engineering teams have been working around the clock to develop, test and deliver permanent fixes to CVE-2019-19781, we have been actively thinking of ways to assist our customers in understanding if and how their systems may have been affected,” said Fermin J. Serna, Citrix’s Chief Information Security Officer.

“We partnered with FireEye Mandiant, which is at the forefront of cyber threat intelligence and forensic analysis, to develop a tool that leverages their knowledge of recent attacks against CVE-2019-19781 to help organizations identify potential compromises. The tool utilizes our technical knowledge of the Citrix ADC and Gateway products and CVE-2019-19781, combined with industry-leading expertise in cyber forensics and recent FireEye frontline learnings from CVE-2019-19781 related compromises,” Serna said.

Charles Carmakal, Chief Technology Officer of FireEye Mandiant consulting, said, “As we worked closely with various Citrix customers in their response to CVE-2019-19781, we developed an understanding of the active threats related to this vulnerability. We believe it is in the best interest of Citrix customers using affected product versions and the entire security community for us to join forces with Citrix to offer a free tool that organizations can rapidly deploy in their own environments to identify potential indicators of compromise of their systems.”

This tool is designed to provide increased awareness regarding potential indicators of compromise related to CVE-2019-19781 on an organization’s systems. The tool is not guaranteed to find all evidence of compromise, or all evidence of compromise related to CVE-2019-19781. If indications of compromise are identified on systems, organizations should perform a forensic examination of the compromised system to determine the scope and extent of the incident.

Instructions on how to use the tool can be found on the aforementioned GitHub sites.

Information regarding permanent fixes and mitigation steps released by Citrix in relation to the CVE-2019-19781 vulnerability can be found on Citrix’s website.

Citrix has provided additional context for customers regarding the forensic assessment tool in the following blog post: https://www.citrix.com/blogs/2020/01/22/citrix-and-fireeye-mandiant-share-forensic-tool-for-cve-2019-19781/

Additional FireEye Mandiant findings associated with CVE-2019-19781 can be found in the following blog post: https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html

This content extract was originally sourced from an external website (Citrix) and is the copyright of the external website owner. TelecomTV is not responsible for the content of external websites.
