American multinational software giant Citrix Systems recently announced the launch of a new tool that helps identify devices previously compromised through CVE-2019-19781. The vulnerability affects a few versions of Citrix Gateway, Citrix Application Delivery Controller (ADC), and two older versions of Citrix SD-WAN WANOP.
FireEye Inc., an active player in the field of cyber threat intelligence and forensic analysis, has partnered with Citrix on the tool. Users can get it for free from the FireEye and Citrix GitHub repositories. Both companies strongly advise their customers to run the tool as soon as possible so that they can take appropriate steps for protection.
Charles Carmakal, Chief Technology Officer of FireEye Mandiant consulting, said that their understanding of the active threats related to this vulnerability had developed as they worked closely with various Citrix customers. Although a lot of effort has been put into building the tool, there is no guarantee that it will identify all evidence of compromise. Organizations have to perform a forensic examination of the compromised system to identify the scope and extent of the incident.
Over 400,000 clients worldwide are claimed to be using Citrix solutions. Citrix first announced the CVE-2019-19781 vulnerability, along with mitigations, in December 2019.