Jump to content
Welcome to our new Citrix community!

CVE-2019-19781 – Verification Tool


Recommended Posts

Hi Mark,

 

Found these alternatives:

https://github.com/trustedsec/cve-2019-19781

https://github.com/cisagov/check-cve-2019-19781

It also seems you can do a simple curl of the url, and you shouldn't be seeing the actual smb.conf page, but get a 403, 404, or see a Citrix page. If you get a 200, the system is (still) vulnerable). The command is:

curl https://<host>/vpn/../vpns/cfg/smb.conf --path-as-is --insecure

On some systems, it'll be slightly different:

curl https://<host>/vpn/../vpns/cfg/smb.conf -path-as-is -insecure

 

Best,

 

Koenraad

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...