Avinish Pathak1709161001 Posted December 24, 2019

Please advise on the latest vulnerabilities on Citrix ADC. Does the SDX also need to be mitigated? What actions do we need to take on the SDX?

Jenny Sheerin1709161207 Posted December 25, 2019

VPX on the SDX with the following versions will be affected; follow https://support.citrix.com/article/CTX267679

• Citrix ADC and Citrix Gateway version 13.0 all supported builds
• Citrix ADC and NetScaler Gateway version 12.1 all supported builds
• Citrix ADC and NetScaler Gateway version 12.0 all supported builds
• Citrix ADC and NetScaler Gateway version 11.1 all supported builds
• Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Dean Briones Posted December 25, 2019

Do we know when Citrix will release a patch, and also whether we have to undo what we put in as a mitigation/workaround based on the article here: https://support.citrix.com/article/CTX267679? Also, has anyone experienced any issues after applying the workaround? Thanks in advance.

Mike Turman Posted December 27, 2019

Has anyone implemented the mitigation steps yet? Any issues or concerns thus far?

Jenny Sheerin1709161207 Posted December 27, 2019

I have had no issues after implementing mitigation steps.

Rhonda Rowland1709152125 Posted December 27, 2019

The SDX itself is not vulnerable as it doesn't host the /vpns/ paths. Just the VPX instances running on top of it.

The responder policy and the settings to apply it to global management IPs, is fairly constrained to specific types of requests with references to the /vpns/ directory if not the VPN client or containing a directory browse ".." reference. The risk to legitimate traffic is low and should not interfere with normal gateway style access, with the exception of preventing access to the VPN client downloads page in the GUI (noted at bottom of article)... I don't know if this impacts the delivery of the VPN client to users, but an alternate client distribution mechanism could be employed if it does.

The attack prevention is effective until an update can be released. It's still recommended that you test the config after deploying the mitigation, but I think you are better off with the responder policy while waiting on the build update.

For when an updated build will be available. But subscribe to the NetScaler security alerts and keep an eye on this article and the original security bulletin for when updates are available. (Hopefully someone from Citrix can give you more info if you are still concerned.)

Security bulletin for reference: https://support.citrix.com/article/CTX267027

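The two conditions described in the post above, as an added example that is not part of the original thread and is not Citrix's own policy: a Python sketch that applies them to request paths and triages an access log for requests that pair /vpns/ with a ".." segment. The log format, the sample lines, the repeated percent-decoding and the `is_vpn_client` flag are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (assumed); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jan/2020:14:02:11 +0000] "GET /vpn/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Jan/2020:14:03:40 +0000] "GET /x/../vpns/example.txt HTTP/1.1" 403 0',
    '203.0.113.5 - - [11/Jan/2020:14:04:02 +0000] "GET /x/%2e%2e/vpns/example.txt HTTP/1.1" 200 88',
    '192.0.2.10 - - [11/Jan/2020:14:05:00 +0000] "GET /vpns/example.txt HTTP/1.1" 200 40',
]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def decode_path(raw):
    """Drop the query string and percent-decode until stable, so %2e%2e and %252e%252e read as '..'."""
    path = raw.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def would_block(raw_path, is_vpn_client):
    """Conditions from the post: a /vpns/ reference AND (not the VPN client OR a '..' segment)."""
    path = decode_path(raw_path)
    if "/vpns/" not in path:
        return False
    return (not is_vpn_client) or ".." in path.split("/")

def triage(lines):
    """Return (ip, raw_path, status) for logged requests that combine /vpns/ with a '..' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a request line in the assumed format
        path = decode_path(m["path"])
        if "/vpns/" in path and ".." in path.split("/"):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits

def not_refused(hits):
    """Hits with a status below 400: served rather than refused (assumes a refusal is logged as 4xx)."""
    return [h for h in hits if h[2] < 400]

if __name__ == "__main__":
    for ip, path, status in triage(SAMPLE_LOG):
        print(ip, path, status, "SERVED" if status < 400 else "refused")
```

A hit that was served rather than refused after the mitigation went in is the case to investigate first.
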
Mike Turman Posted December 27, 2019

Thanks Rhonda! I'm getting similar feedback from others regarding side-effects.

Kevin Harris1709161607 Posted January 11, 2020

We applied the required mitigation and assumed we were protected. Today someone finally released the code to test (cURL command) and upon testing our gateways we discovered they are still vulnerable!?!? I'm on hold now with Citrix for 40+ mins trying to get this resolved. Anyone else run into this?

Matt Nation1709152669 Posted January 17, 2020

On 1/11/2020 at 2:21 PM, Kevin Harris1709161607 said:
> We applied the required mitigation and assumed we were protected. Today someone finally released the code to test (cURL command) and upon testing our gateways we discovered they are still vulnerable!?!? I'm on hold now with Citrix for 40+ mins trying to get this resolved. Anyone else run into this?

What code did you use to test?

Keelyn Henning1709160375 Posted January 20, 2020

Anyone know where to obtain the refresh build for 11.1.63.15 as well as the instructions on completing the upgrade? I signed up to be notified when it was released but didn't receive a notification yesterday.

Etienne Coppin Posted January 21, 2020

Patching and mitigation will probably not be enough. You have to re-check and control all your appliances. In our case, we decided to restore instances (or re-image instances) from the 1st week of December, before the CVE-2019-19781 publication, implement the mitigation proposed by Citrix, revoke/renew certificates + reset all passwords involved with NetScaler + reset all administrative accounts with privileges.

Read both of these articles carefully:

https://www.poppelgaard.com/cve-2019-19781-what-you-should-know-and-how-to-fix-your-citrix-adc-access-gateway
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

Etienne Coppin Posted February 2, 2020

CISA: AA20-031A: Detecting Citrix CVE-2019-19781
https://www.us-cert.gov/ncas/alerts/aa20-031a