Citrix launches security intrusion detection tool


Citrix and FireEye have announced a new tool to combat the security vulnerability that has caused quite a few problems in recent weeks. The tool is available for free in the GitHub repositories of both Citrix and FireEye, and is designed to detect whether a user’s system has been compromised through exploitation of the vulnerability.

The tool runs locally on users’ Citrix instances and should provide a quick indication of potential problems in the system. It works with all supported versions of Citrix ADC and Citrix Gateway; for Citrix SD-WAN WANOP, it only works with versions 10.2.6 and 11.0.3. In addition to applying the steps indicated earlier and installing the permanent updates that will be made available this week, Citrix and FireEye advise all Citrix customers to use this tool as soon as possible. This should increase their awareness of possible problems.

Citrix announced the CVE-2019-19781 vulnerability on 17 December 2019. Exploits were published by multiple sources in early January 2020, which significantly increased the risk to users’ systems. As a result, multiple systems were completely taken offline. Citrix has already published patches.

Diagnostic tool

“While our security and engineering teams have worked 24/7 to develop, test and deliver permanent solutions for CVE-2019-19781, we have been actively thinking about ways to help our customers understand if and how their systems may have been affected,” said Fermin J. Serna, Chief Information Security Officer at Citrix. In short, the main purpose of the tool is to give users more certainty.

The tool is not guaranteed to find all evidence of a breach, or all evidence of a breach by CVE-2019-19781. When evidence of an intrusion is found on a system, Citrix states that organisations should conduct a forensic investigation of the affected system to determine the scope and extent of the incident.

Instructions on how to use the tool can be found in the GitHub repositories mentioned above.