Jump to content
Welcome to our new Citrix community!

Netscaler vulnerebilty Citrix CVE-2019-19781

Recommended Posts

Hey Huys,


I verified from Dection tool and i found my netscaler were compreosed during this attack and i paathed with latest build.


Kinldy let me know if i need to rebuild the netscaler from scratch or is there any way to avoid this.


as what i understand 

Compromised systems cannot be remediated by applying software patches that were released to fix the vulnerability. Once CNE actors establish a foothold on an affected device, their presence remains even though the original attack vector has been closed.

Link to comment
Share on other sites

  • 2 weeks later...


Yes you should rebuild from the scratch since there are some cron, xml files and many other things related with the threat, it would be good to create a backup to have ssl, licenses and nsconf files in another place. After that you would need to aisolate from network your box and then start rebuilding...

The option would be to delete all xml files, cron's and all that stuff, but since part of the attack is to get hashes of all your users/passwd the best way to avoid miss functioning is rebuild

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...