CVE-2019-19781 Scan tool


Good tool to scan the ADC for exploits (I am not affiliated with this company)

 

https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html

 

upload the script (for example to /tmp), make it executable (via WinSCP, cli etc)

run it as nsroot

shell

cd /tmp

./ioc-scanner-CVE-2019-19781-v1.0.sh > "/tmp/results-$(date).txt"

 


On 1/24/2020 at 9:12 AM, Patrick Schöberl said:

Good tool to scan the ADC for exploits (I am not affiliated with this company)

 

https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html

 

upload the script (for example to /tmp), make it executable (via WinSCP, cli etc)

run it as nsroot

shell

cd /tmp

./ioc-scanner-CVE-2019-19781-v1.0.sh > "/tmp/results-$(date).txt"

 

 

But note that the script will tell you you're compromised if you changed the nsroot or rpc password.

 

**********************************************************************
MATCH: blacklisted content '/etc/passwd'
Found evidence of potential compromise.                               
You should consider performing a forensic investigation of the system.
**********************************************************************
 

I got those warnings on all Netscalers and then took a fresh VPX (.63), imported it without any external connection, changed only the nsroot password and got the same warning.
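
One way to triage a saved results file from the steps above, so that a lone '/etc/passwd' content hit is separated from any other finding. This is an added example, not part of the original posts or of the FireEye/Citrix tool; the function names are hypothetical and only the MATCH line format quoted in the reply is taken from the thread.

```shell
#!/bin/sh
# Added example: triage the MATCH lines in a saved scanner results file.
# Assumption: every finding is reported on a line starting with "MATCH:",
# as in the output quoted in the thread.

# Print each distinct MATCH line with the number of times it occurs.
list_matches() {
    grep '^MATCH:' "$1" | sort | uniq -c
}

# Classify a results file:
#   no-match     no MATCH lines at all
#   passwd-only  every MATCH is the '/etc/passwd' content hit that the reply
#                reports after an nsroot password change; confirm by hand
#                that the change to /etc/passwd is one you made
#   investigate  at least one other MATCH line is present
triage_results() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # grep -c exits 1 when the count is 0, so keep the status from aborting
    total=$(grep -c '^MATCH:' "$1" || true)
    passwd=$(grep -c "^MATCH: blacklisted content '/etc/passwd'" "$1" || true)
    if [ "$total" -eq 0 ]; then
        echo "no-match"
    elif [ "$total" -eq "$passwd" ]; then
        echo "passwd-only"
    else
        echo "investigate"
    fi
}

if [ $# -ge 1 ]; then
    # Usage: sh triage.sh "/tmp/results-<date>.txt"
    list_matches "$1"
    triage_results "$1"
else
    # No argument: run on a sample built from the output quoted in the thread.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
**********************************************************************
MATCH: blacklisted content '/etc/passwd'
Found evidence of potential compromise.
**********************************************************************
EOF
    triage_results "$sample"
    rm -f "$sample"
fi
```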
