IPS - Citrix NetScaler/ADC Critical Flaw CVE-2019-19781
Can WatchGuard advise if they are working on an IPS update for this?
I didn't find anything in the security portal
CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
https://support.citrix.com/article/CTX267027
Thanks
Comments
WG gets its IPS signatures from Trend Micro.
https://www.watchguard.com/wgrd-partners/oem-partners
Presumably Trend Micro will provide an IPS signature for this soon, and then WG will include it in an upcoming IPS signature update.
The latest version of IPS signatures is from Jan 7 on my firewall.
My IPS signatures show Jan 18, however I'm still getting hit with attacks. Can anyone confirm that WatchGuard can block it?
Perhaps my firewall policy is just configured wrong?
You can search the IPS database here:
https://www.watchguard.com/SecurityPortal/ThreatDB.aspx
I don't see this CVE listed yet, and a search for citrix does not show it either.
That's odd. When looking for citrix here:
https://www.watchguard.com/SecurityPortal/ThreatDB.aspx?search=citrix I do find several recent IPS protections.
One of the latest is https://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?rule_id=1136561&includedIn=Full, Enhanced, Standard which is supposed to be in Signature Version: 4.1014 according to the definition. When I look at my Firebox, which runs IPS signature version 4.1014, the most recent protect ID is 1136538.
It seems to me that real-life Fireboxes lack at least 23 IPS signatures that should be present according to the online ThreatDB.
My guess: We're still unprotected, as access logging also suggests.
After rebooting the cluster members and manually clicking the update button for IPS signatures, the version remained 4.1014, but now all signatures are visible, with the latest Citrix protection included.