
CVE-2019-19781 on VPX - Running the FireEye Mandiant



Hi all,

 

Unfortunately we have been handed over an ADC with an older version (13.0-47.22) affected by CVE-2019-19781 and we are trying to run the FireEye Mandiant as per the article below to ensure there were no compromises on the VPX.

 

I am running this on root level and this is the command I am entering

$ bash ./ioc-scanner-CVE-2019-19781-v1.0.sh > "/tmp/240920.txt"

 

and the output is

NS version                            : 13.0-47.22
Scanner version                       : v1.0-62-g3f53c14
Scanner run mode                      : Default
Evidence of compromise found          : No
Evidence of scanning found            : N/A - Script Executed in Default Mode
Evidence of failed exploitation found : N/A - Script Executed in Default Mode

 

 

https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-and-citrix-tool-scans-for-iocs-related-to-vulnerability.html

 

I was able to run the sh script but it's not running in LIVE mode but in default mode. Is there a difference between Live and default mode?

Is there a way I can make sure I can be on LIVE mode? I ran this when the script was available in Jan/Feb on an MPX box and it ran on the 'Live' mode.

 

Adil

 
