Citrix is deeply committed to the security of our products and services, and we are making every effort to ensure all customers are supported in response to CVE-2019-19781.

To that end, this morning we announced that we have teamed up with FireEye Mandiant on an Indicator of Compromise Scanner that aids customers in the detection of compromise in connection with CVE-2019-19781.

The free tool, available under the Apache 2.0 open source license, provides customers with increased awareness of potential compromise related to the CVE-2019-19781 vulnerability on their systems. The tool is designed to allow customers to run it locally on their Citrix instances and receive a rapid assessment of potential Indicators of Compromise based on known attacks and exploits.

The tool combines Citrix’s technical knowledge of the Citrix ADC and Gateway products and CVE-2019-19781 with industry-leading FireEye Mandiant’s forensics expertise and current knowledge of recent CVE-2019-19781 related compromises. FireEye Mandiant is not only at the forefront of cyberthreat intelligence and forensics, but has first-hand knowledge of the threat landscape and current exploits specific to CVE-2019-19781, making it an ideal partner for this important initiative.

In addition to applying the previously released mitigation steps until patch releases are available or installing the patch releases as they are published this week, we strongly recommend that all customers run this tool as soon as possible to increase their overall level of awareness of potential compromise, and take appropriate steps to protect themselves.

The tool is compatible with all supported versions of Citrix ADC and Citrix Gateway, including 10.5, 11.1, 12.0, 12.1, and 13.0 and Citrix SD-WAN WANOP versions 10.2.6 and 11.0.3.

You can find the tool and instructions here.

Our Ongoing Commitment to Supporting our Customers

We are fully committed to ensuring that all customers remediate their systems for the CVE-2019-19781 vulnerability. At the time of announcement, we introduced a comprehensive set of mitigations, and earlier this week, we made available the first permanent fixes for versions 11.1 and 12.0., and plan to release the remaining fixes later this week.

Throughout this process, we have listened closely to customer feedback and made adjustments when needed, and will continue to engage closely with customers to assist them through the process. We will continue to offer enhanced customer support through the mitigation and patch process, including:

  • We released the first two sets of permanent fixes to all customers, regardless of whether they have an active maintenance contract with Citrix. We will make the permanent patches for other supported versions available later this week on the same basis.
  • We provided a tool that customers can use to ensure that the mitigations have successfully been applied.
  • We are working aggressively to understand which customers have not yet applied the recommended fixes and are proactively encouraging them to do so. Our Security Team is actively scanning the internet to identify which at-risk customers have not yet installed the recommended mitigation or patch releases, and following up through individual communications to ensure awareness and encourage those customers to apply the recommended steps right away.
  • We expanded our 24/7 product support help desk team by 3x to reduce wait times and assist with patch installation. We have also made our engineering and product management teams accessible to customers 24/7.
  • We have been communicating actively with customers throughout the process via blog updates and sales and partner updates.
  • We have developed support tools to walk customers through installation of the permanent fixes, including real-time chat support, in addition to augmented product support services.

We remain committed to incorporating feedback from our customers and adapting our communication and customer support offering as permanent fixes continue to be rolled out. We welcome the community to reach out to us at secure@citrix.com with any additional feedback.

We deeply regret the impact this vulnerability has had on any affected customers, and would like to thank our customers and partners for their patience as our teams worked diligently to develop and test these permanent fixes. We will be keeping the above measures in place as long as necessary, and we look forward to making permanent fixes for all other supported versions of Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP later this week. If you have not already done so, to ensure you are protected in the meantime please apply the previously supplied mitigations to those versions for which patch releases are not yet available pending their release later this week.