home.social

#citrixadc — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #citrixadc, aggregated by home.social.

  1. #Citrix has fixed two critical security vulnerbilities in #CitrixADC and Gateway.

    support.citrix.com/s/article/C

    Check your ns.conf for the following configuration settings. If they are set, you should update immediately.

    enable ns feature.*rdpproxy
    add rdp serverprofile <RDP_server_name>
    add vpn vserver <vserver_name> -rdpServerProfileName <RDP_server_name>
    enable ns feature.*rdpproxy
    add authentication vserver
    add vpn vserver

  2. #Citrix has fixed two critical security vulnerbilities in #CitrixADC and Gateway.

    support.citrix.com/s/article/C

    Check your ns.conf for the following configuration settings. If they are set, you should update immediately.

    enable ns feature.*rdpproxy
    add rdp serverprofile <RDP_server_name>
    add vpn vserver <vserver_name> -rdpServerProfileName <RDP_server_name>
    enable ns feature.*rdpproxy
    add authentication vserver
    add vpn vserver

  3. #Citrix has fixed two critical security vulnerbilities in #CitrixADC and Gateway.

    support.citrix.com/s/article/C

    Check your ns.conf for the following configuration settings. If they are set, you should update immediately.

    enable ns feature.*rdpproxy
    add rdp serverprofile <RDP_server_name>
    add vpn vserver <vserver_name> -rdpServerProfileName <RDP_server_name>
    enable ns feature.*rdpproxy
    add authentication vserver
    add vpn vserver

  4. Found a guide for NetScaler (Citrix ADC) CVE-2023-3519 that explains how to validate and check for (currently) known Indicators of Compromise (IoCs) on a local CITRIX device.

    The full guide including the commands, can be found here: [Checklist for Citrix ADC CVE-2023-3519](deyda.net/index.php/en/2023/07)

    Please bear in mind that this is a guide "found on the internet". Although it appears to be reliable and it was mentioned by SANS stormcast, these devices are not my specific area of expertise. Use your brain and use at your own risk...

    Here are some key points from the article:

    1. **Log in with nsroot or another administrative account.**

    2. **Find out the time of the last update.** - This command lists the details of the files in the /var/nsinstall directory, which can help determine when the last update occurred.
    ```
    shell ls -ll /var/nsinstall
    ```

    3. **Check whether certain files have been adjusted since the last update.** - These commands find and list files in specified directories that have been modified since the last update.
    ```
    shell
    find /netscaler/ns_gui/ -type f -name *.php -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/vpn/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/netscaler/logon/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/python/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    4. **Check for HTTP error log files.** - These commands search for .sh and .php entries in the HTTP error log files.
    ```
    zgrep '\.sh' /var/log/httperror.log*
    zgrep '\.php' /var/log/httperror.log*
    ```

    5. **Check for Shell log files.** - This command searches for entries related to '/flash/nsconfig/keys' in the shell log files.
    ```
    grep '/flash/nsconfig/keys' /var/log/sh.log*
    ```

    6. **Check log files for known IOCs.** - This command finds and lists files with root permissions that have been modified since the last update.
    ```
    find /var -perm -4000 -user root -not -path "/var/nslog/*" -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    7. **Check for Nobody processes.** - This command lists processes running under the 'nobody' user that are not associated with '/bin/httpd'.
    ```
    shell ps aux | grep nobody | grep -v '/bin/httpd'
    ```


    #NetScaler #CitrixADC #CVE20233519 #SecurityGuide #IndicatorsOfCompromise #IoCs #InfoSec #CyberSecurity #VulnerabilityManagement #SecurityInvestigation #SysAdminTips #NetworkSecurity #CyberThreats #ITSecurity #OnlineSecurity #CyberAware #TechSafety #SecureNetworking #VulnerabilityScanning #InfoSecAwareness

  5. Found a guide for NetScaler (Citrix ADC) CVE-2023-3519 that explains how to validate and check for (currently) known Indicators of Compromise (IoCs) on a local CITRIX device.

    The full guide including the commands, can be found here: [Checklist for Citrix ADC CVE-2023-3519](deyda.net/index.php/en/2023/07)

    Please bear in mind that this is a guide "found on the internet". Although it appears to be reliable and it was mentioned by SANS stormcast, these devices are not my specific area of expertise. Use your brain and use at your own risk...

    Here are some key points from the article:

    1. **Log in with nsroot or another administrative account.**

    2. **Find out the time of the last update.** - This command lists the details of the files in the /var/nsinstall directory, which can help determine when the last update occurred.
    ```
    shell ls -ll /var/nsinstall
    ```

    3. **Check whether certain files have been adjusted since the last update.** - These commands find and list files in specified directories that have been modified since the last update.
    ```
    shell
    find /netscaler/ns_gui/ -type f -name *.php -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/vpn/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/netscaler/logon/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/python/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    4. **Check for HTTP error log files.** - These commands search for .sh and .php entries in the HTTP error log files.
    ```
    zgrep '\.sh' /var/log/httperror.log*
    zgrep '\.php' /var/log/httperror.log*
    ```

    5. **Check for Shell log files.** - This command searches for entries related to '/flash/nsconfig/keys' in the shell log files.
    ```
    grep '/flash/nsconfig/keys' /var/log/sh.log*
    ```

    6. **Check log files for known IOCs.** - This command finds and lists files with root permissions that have been modified since the last update.
    ```
    find /var -perm -4000 -user root -not -path "/var/nslog/*" -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    7. **Check for Nobody processes.** - This command lists processes running under the 'nobody' user that are not associated with '/bin/httpd'.
    ```
    shell ps aux | grep nobody | grep -v '/bin/httpd'
    ```


    #NetScaler #CitrixADC #CVE20233519 #SecurityGuide #IndicatorsOfCompromise #IoCs #InfoSec #CyberSecurity #VulnerabilityManagement #SecurityInvestigation #SysAdminTips #NetworkSecurity #CyberThreats #ITSecurity #OnlineSecurity #CyberAware #TechSafety #SecureNetworking #VulnerabilityScanning #InfoSecAwareness

  6. Found a guide for NetScaler (Citrix ADC) CVE-2023-3519 that explains how to validate and check for (currently) known Indicators of Compromise (IoCs) on a local CITRIX device.

    The full guide including the commands, can be found here: [Checklist for Citrix ADC CVE-2023-3519](deyda.net/index.php/en/2023/07)

    Please bear in mind that this is a guide "found on the internet". Although it appears to be reliable and it was mentioned by SANS stormcast, these devices are not my specific area of expertise. Use your brain and use at your own risk...

    Here are some key points from the article:

    1. **Log in with nsroot or another administrative account.**

    2. **Find out the time of the last update.** - This command lists the details of the files in the /var/nsinstall directory, which can help determine when the last update occurred.
    ```
    shell ls -ll /var/nsinstall
    ```

    3. **Check whether certain files have been adjusted since the last update.** - These commands find and list files in specified directories that have been modified since the last update.
    ```
    shell
    find /netscaler/ns_gui/ -type f -name *.php -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/vpn/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/netscaler/logon/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/python/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    4. **Check for HTTP error log files.** - These commands search for .sh and .php entries in the HTTP error log files.
    ```
    zgrep '\.sh' /var/log/httperror.log*
    zgrep '\.php' /var/log/httperror.log*
    ```

    5. **Check for Shell log files.** - This command searches for entries related to '/flash/nsconfig/keys' in the shell log files.
    ```
    grep '/flash/nsconfig/keys' /var/log/sh.log*
    ```

    6. **Check log files for known IOCs.** - This command finds and lists files with root permissions that have been modified since the last update.
    ```
    find /var -perm -4000 -user root -not -path "/var/nslog/*" -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    7. **Check for Nobody processes.** - This command lists processes running under the 'nobody' user that are not associated with '/bin/httpd'.
    ```
    shell ps aux | grep nobody | grep -v '/bin/httpd'
    ```


    #NetScaler #CitrixADC #CVE20233519 #SecurityGuide #IndicatorsOfCompromise #IoCs #InfoSec #CyberSecurity #VulnerabilityManagement #SecurityInvestigation #SysAdminTips #NetworkSecurity #CyberThreats #ITSecurity #OnlineSecurity #CyberAware #TechSafety #SecureNetworking #VulnerabilityScanning #InfoSecAwareness

  7. Found a guide for NetScaler (Citrix ADC) CVE-2023-3519 that explains how to validate and check for (currently) known Indicators of Compromise (IoCs) on a local CITRIX device.

    The full guide including the commands, can be found here: [Checklist for Citrix ADC CVE-2023-3519](deyda.net/index.php/en/2023/07)

    Please bear in mind that this is a guide "found on the internet". Although it appears to be reliable and it was mentioned by SANS stormcast, these devices are not my specific area of expertise. Use your brain and use at your own risk...

    Here are some key points from the article:

    1. **Log in with nsroot or another administrative account.**

    2. **Find out the time of the last update.** - This command lists the details of the files in the /var/nsinstall directory, which can help determine when the last update occurred.
    ```
    shell ls -ll /var/nsinstall
    ```

    3. **Check whether certain files have been adjusted since the last update.** - These commands find and list files in specified directories that have been modified since the last update.
    ```
    shell
    find /netscaler/ns_gui/ -type f -name *.php -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/vpn/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/netscaler/logon/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    find /var/python/ -type f -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    4. **Check for HTTP error log files.** - These commands search for .sh and .php entries in the HTTP error log files.
    ```
    zgrep '\.sh' /var/log/httperror.log*
    zgrep '\.php' /var/log/httperror.log*
    ```

    5. **Check for Shell log files.** - This command searches for entries related to '/flash/nsconfig/keys' in the shell log files.
    ```
    grep '/flash/nsconfig/keys' /var/log/sh.log*
    ```

    6. **Check log files for known IOCs.** - This command finds and lists files with root permissions that have been modified since the last update.
    ```
    find /var -perm -4000 -user root -not -path "/var/nslog/*" -newermt {Timestamp of Installer Files +1} -exec ls -l {} \;
    ```

    7. **Check for Nobody processes.** - This command lists processes running under the 'nobody' user that are not associated with '/bin/httpd'.
    ```
    shell ps aux | grep nobody | grep -v '/bin/httpd'
    ```


    #NetScaler #CitrixADC #CVE20233519 #SecurityGuide #IndicatorsOfCompromise #IoCs #InfoSec #CyberSecurity #VulnerabilityManagement #SecurityInvestigation #SysAdminTips #NetworkSecurity #CyberThreats #ITSecurity #OnlineSecurity #CyberAware #TechSafety #SecureNetworking #VulnerabilityScanning #InfoSecAwareness

  8. #Citrix has disclosed multiple vulnerabilities in their #CitrixADC & #CitrixGateway products. Successful exploitation of these vulnerabilities will allow attackers gain root access & perform remote code execution.

    These vulnerabilities have a
    #CVSS score ranging from 8 to 9.8 out of 10.

    Organizations with these Citrix products are advised to
    #patch immediately.

    #infosec #cybersecurity #PatchManagement #VulnerabilityManagement #RCE

    https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

  9. #Citrix has disclosed multiple vulnerabilities in their #CitrixADC & #CitrixGateway products. Successful exploitation of these vulnerabilities will allow attackers gain root access & perform remote code execution.

    These vulnerabilities have a
    #CVSS score ranging from 8 to 9.8 out of 10.

    Organizations with these Citrix products are advised to
    #patch immediately.

    #infosec #cybersecurity #PatchManagement #VulnerabilityManagement #RCE

    https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

  10. #Citrix has disclosed multiple vulnerabilities in their #CitrixADC & #CitrixGateway products. Successful exploitation of these vulnerabilities will allow attackers gain root access & perform remote code execution.

    These vulnerabilities have a
    #CVSS score ranging from 8 to 9.8 out of 10.

    Organizations with these Citrix products are advised to
    #patch immediately.

    #infosec #cybersecurity #PatchManagement #VulnerabilityManagement #RCE

    https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

  11. #Citrix has disclosed multiple vulnerabilities in their #CitrixADC & #CitrixGateway products. Successful exploitation of these vulnerabilities will allow attackers gain root access & perform remote code execution.

    These vulnerabilities have a
    #CVSS score ranging from 8 to 9.8 out of 10.

    Organizations with these Citrix products are advised to
    #patch immediately.

    #infosec #cybersecurity #PatchManagement #VulnerabilityManagement #RCE

    https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

  12. #Citrix has disclosed multiple vulnerabilities in their #CitrixADC & #CitrixGateway products. Successful exploitation of these vulnerabilities will allow attackers gain root access & perform remote code execution.

    These vulnerabilities have a
    #CVSS score ranging from 8 to 9.8 out of 10.

    Organizations with these Citrix products are advised to
    #patch immediately.

    #infosec #cybersecurity #PatchManagement #VulnerabilityManagement #RCE

    https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

  13. Jetzt patchen! Tausende Citrix-Server sind noch verwundbar

    Angreifer nutzen derzeit kritische Lücken in Citrix ADC und Gateway aus. Trotz verfügbarer Sicherheitspatches sind viele Instanzen noch nicht gepatcht.

    heise.de/news/Jetzt-patchen-Ta

    #CitrixADC #Gateway #Patches #Security #Sicherheitslücken #Updates #News

  14. Jetzt patchen! Tausende Citrix-Server sind noch verwundbar

    Angreifer nutzen derzeit kritische Lücken in Citrix ADC und Gateway aus. Trotz verfügbarer Sicherheitspatches sind viele Instanzen noch nicht gepatcht.

    heise.de/news/Jetzt-patchen-Ta

    #CitrixADC #Gateway #Patches #Security #Sicherheitslücken #Updates #News

  15. Jetzt patchen! Tausende Citrix-Server sind noch verwundbar

    Angreifer nutzen derzeit kritische Lücken in Citrix ADC und Gateway aus. Trotz verfügbarer Sicherheitspatches sind viele Instanzen noch nicht gepatcht.

    heise.de/news/Jetzt-patchen-Ta

    #CitrixADC #Gateway #Patches #Security #Sicherheitslücken #Updates #News

  16. Jetzt patchen! Tausende Citrix-Server sind noch verwundbar

    Angreifer nutzen derzeit kritische Lücken in Citrix ADC und Gateway aus. Trotz verfügbarer Sicherheitspatches sind viele Instanzen noch nicht gepatcht.

    heise.de/news/Jetzt-patchen-Ta

    #CitrixADC #Gateway #Patches #Security #Sicherheitslücken #Updates #News

  17. Jetzt patchen! Tausende Citrix-Server sind noch verwundbar

    Angreifer nutzen derzeit kritische Lücken in Citrix ADC und Gateway aus. Trotz verfügbarer Sicherheitspatches sind viele Instanzen noch nicht gepatcht.

    heise.de/news/Jetzt-patchen-Ta

    #CitrixADC #Gateway #Patches #Security #Sicherheitslücken #Updates #News

  18. Citrix schließt Sicherheitslücken, durch die Angreifer etwa unberechtigt auf die Gerätefunktionen zugreifen können. Administratoren sollten zügig aktualisieren.
    Citrix Gateway und ADC: Kritische Lücke ermöglicht unbefugten Zugriff
  19. Citrix schließt Sicherheitslücken, durch die Angreifer etwa unberechtigt auf die Gerätefunktionen zugreifen können. Administratoren sollten zügig aktualisieren.
    Citrix Gateway und ADC: Kritische Lücke ermöglicht unbefugten Zugriff
  20. Es gibt wichtige Sicherheitspatches für Citritx ADC und Citrix Gateway. Angreifer könnten die Netzwerk-Hardware lahmlegen.
    Sicherheitsupdates: Angreifer könnten Netzwerk-Hardware von Citrix lahmlegen
  21. Es gibt wichtige Sicherheitspatches für Citritx ADC und Citrix Gateway. Angreifer könnten die Netzwerk-Hardware lahmlegen.
    Sicherheitsupdates: Angreifer könnten Netzwerk-Hardware von Citrix lahmlegen