Checklist for Citrix ADC CVE-2019-19781

Citrix has released a critical vulnerability warning (CVE-2019-19781) in all Citrix ADC & Gateway systems one week before Christmas. Several working exploits have been released since Jan. 10, 2020 and are available to everyone.

Important ! The fix from Citrix with the Responder Policy does not work on systems with version 12.1.51.16/51.19, 50.31 and older. If this version is in use, please update to the latest 12.1 version.

The exploits allow remote code to be executed anonymously, allowing unauthenticated attackers to take over the various machines with root privileges.

Continue reading “Checklist for Citrix ADC CVE-2019-19781”

Copy a Citrix ADC configuration to a new machine

In one of my recent projects, I had to build several Citrix ADCs in a new data center. After consultation with the customer, the same services and functions should be configured as in the old data center. The only difference was that the new data center should use different IP ranges and therefore all network settings of the Citrix ADCs and the connected services had to be adapted.

Requirements

  • Same version and build on all Citrix ADC
  • Same Citrix ADC license version on all Citrix ADC
  • IP addresses of the new Citrix ADC should be defined and free (NSIP, SNIP & VIP).
  • IP addresses of the connected machines should be known (server or server groups)
  • Basic configuration of the new Citrix ADC should be done (NSIP, SNIP, DNS, Timezone & License)
Continue reading “Copy a Citrix ADC configuration to a new machine”