topic Re: Protection for Citrix vulnerability CVE-2019-19781 in General Topics

Protection for Citrix vulnerability CVE-2019-19781

RREALICA — Tue, 24 Dec 2019 22:03:06 GMT

Hi,

Is there any official word when PA will get protection for CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway?

https://support.citrix.com/article/CTX267027

Thanks.

Re: Protection for Citrix vulnerability CVE-2019-19781

Rajesh12 — Thu, 26 Dec 2019 04:39:34 GMT

@RREALICA

PA have not released signature for this vulnerability yet. But you can monitor it at threat vault.

https://threatvault.paloaltonetworks.com/

Re: Protection for Citrix vulnerability CVE-2019-19781

zachzoom — Fri, 27 Dec 2019 19:31:55 GMT

I don't see anything in threat vault for that CVE...is that because there is no signature yet and it will show up when there is one?

Re: Protection for Citrix vulnerability CVE-2019-19781

Rajesh12 — Mon, 30 Dec 2019 04:04:16 GMT

@zachzoom

Yes, it will show up in Threat Vault when once PA defined signatures for it.

Re: Protection for Citrix vulnerability CVE-2019-19781

RREALICA — Mon, 30 Dec 2019 17:06:28 GMT

fyi in case anyone is interested: SANS Webcasst: What you Need To Know About The Critical Citrix Gateway (Netscaler) Vulnerability CVE-2019-19781

https://www.sans.org/webcasts/about-critical-citrix-gateway-netscaler-vulnerability-cve-2019-19781-112990

Re: Protection for Citrix vulnerability CVE-2019-19781

Anon1 — Wed, 08 Jan 2020 11:33:48 GMT

Signature is released in content update 8224.

Re: Protection for Citrix vulnerability CVE-2019-19781

twan.hermans — Tue, 14 Jan 2020 09:05:22 GMT

Hi,

As there is an signature sinds a couple of days, i indeed see some hits, and reset actions. But i wonder how the palo will detect this vulnerability, because we don't have ssl decryption enabled, and our citrix is only available on https.

Does anyone have some theorie ?

Best regards,

Twan Hermans