Jump to content
Updated Privacy Statement

Etienne Coppin

Members
 View Profile  See their activity

  • Posts

    20

  • Joined

  • Last visited

  • Days Won

    1

 Content Type 

Posts posted by Etienne Coppin

    CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller. Can Someone tell the effect of this Vulnerability on our Citrix devices.

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we found some compromised appliances (mitigation proposed by Citrix has been implemented too late on 12/01/2020), we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the mitigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.. Re-control everything after remediation.

    Read carefully these both articles for the verification steps and other recommandations

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    Read also this one, not so funny :

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    • Like 1

    Mitigation Steps for CVE-2019-19781

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we found some compromised appliance, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the mitigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.. Recontrol everything after remediation.

    Read carefully these both articles for the verification steps and other recommandations

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    Read also this one, not so funny :

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    CVE-2019-19781

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we found some compromised appliance, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the mitigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.. Recontrol everything after remediation.

    Read carefully these both articles for the verification steps and other recommandations

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    Read also this one, not so funny :

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    Mitigation Steps for CVE-2019-19781

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we found some compromised appliance, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the mitigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.. Recontrol everything after remediation.

    Read carefully these both articles for the verification steps and other recommandations

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    Read also this one, not so funny :

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    CVE-2019-19781

    in NetScaler Gateway

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we found some compromised appliance, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the mitigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.. Recontrol everything after remediation.

    Read carefully these both articles for the verification steps and other recommandations

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    Read also this one, not so funny :

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller. New password will be resetted !

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the miyigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.

    Read carefully these both articles for the verification steps

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    CVE-2019-19781 - Question - Must SDX be patched in addition to VPX, or is VPX patching sufficient?

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the miyigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges.

    Read carefully these both articles for the verification steps

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

    • Like 2

    Mitigation Steps for CVE-2019-19781

    in Core ADC use cases

    Posted

    Patching and mitigation will be probably not enough. You have to re-check and control all your appliances.
    In our case, we decide to restore instances (or re-image instances) from 1st week of december before the CVE-2019-19781 publication, implement the miyigation proposed by Citrix, revoke/renew certificates + reset of all passwords involved with NetScaler + reset of all administrative accounts with priviledges. Read carefully these both articles

    https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway

    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

     

© Cloud Software Group, Inc. All rights reserved.

×
×
  • Create New...