-
-
Save fox-srt/c7eb3cbc6b4bf9bb5a874fa208277e86 to your computer and use it in GitHub Desktop.
rdx_en_date | rdx_en_stamp | vhash | version | |
---|---|---|---|---|
2018-08-25 03:29:12 | 1535167752 | 12.1-49.23 | ||
2018-10-16 17:54:20 | 1539712460 | 12.1-49.37 | ||
2018-11-28 08:56:26 | 1543395386 | 26df0e65fba681faaeb333058a8b28bf | 12.1-50.28 | |
2019-01-18 17:41:34 | 1547833294 | d3b5c691a4cfcc6769da8dc4e40f511d | 12.1-50.31 | |
2019-02-13 06:11:52 | 1550038312 | 1ffe249eccc42133689c145dc37d6372 | ||
2019-02-27 09:30:02 | 1551259802 | 995a76005c128f4e89474af12ac0de66 | 12.1-51.16 | |
2019-03-25 22:37:08 | 1553553428 | d2bd166fed66cdf035a0778a09fd688c | 12.1-51.19 | |
2019-04-19 11:04:22 | 1555671862 | 489cadbd8055b1198c9c7fa9d34921b9 | ||
2019-05-13 17:41:47 | 1557769307 | 86b4b2567b05dff896aae46d6e0765bc | 13.0-36.27 | |
2019-06-03 08:17:03 | 1559549823 | 73217f4753a74300c0a2ad762c6f1e65 | ||
2019-07-15 16:42:47 | 1563208967 | dc8897f429a694d44934954b47118908 | ||
2019-09-10 07:54:45 | 1568102085 | 43a8abf580ea09a5fa8aa1bd579280b9 | 13.0-41.20 | |
2019-09-16 22:22:54 | 1568672574 | 0705e646dc7f84d77e8e48561253be12 | ||
2019-10-07 10:37:28 | 1570444648 | 09a78a600b4fc5b9f581347604f70c0e | ||
2019-10-11 13:24:36 | 1570800276 | 7116ed70ec000da9267a019728ed951e | 13.0-41.28 | |
2019-11-05 05:18:47 | 1572931127 | 8c62b39f7068ea2f3d3f7d40860c0cd4 | 12.1-55.13 | |
2019-11-28 19:06:22 | 1574967982 | fedb4ba86b5edcbc86081f2893dc9fdf | 13.0-47.22 | |
2020-01-20 12:46:27 | 1579524387 | 02d30141fd053d5c3448bf04fbedb8d6 | 12.1-55.18 | |
2020-01-20 13:09:05 | 1579525745 | fd96bc8977256003de05ed84270b90bb | 13.0-47.24 | |
2020-02-28 14:27:56 | 1582900076 | f787f9a8c05a502cd33f363e1e9934aa | 12.1-55.24 | |
2020-03-18 17:41:16 | 1584553276 | b5fae8db23061679923e4b2a9b6c7a82 | ||
2020-03-19 17:40:43 | 1584639643 | e79f3bbf822c1fede6b5a1a4b6035a41 | 13.0-52.24 | |
2020-03-29 09:10:32 | 1585473032 | f2db014a3eb9790a19dfd71331e7f5d0 | 12.1-56.22 | |
2020-06-01 06:48:41 | 1590994121 | fdf2235967556bad892fbf29ca69eefd | 13.0-58.30 | |
2020-06-09 19:06:55 | 1591729615 | 4ecb5abf6e4b1655c07386a2c958597c | 12.1-57.18 | |
2020-07-02 16:38:13 | 1593707893 | dcb06155d51a0234e9d127658ef9f21f | 13.0-58.32 | |
2020-07-22 19:49:27 | 1595447367 | 12c4901ecc3677aad06f678be49cb837 | 13.0-61.48 | |
2020-08-14 14:54:04 | 1597416844 | a1494e2e09cb96e424c6c66512224941 | ||
2020-09-01 11:47:01 | 1598960821 | b1b38debf0e55c285c72465da3715034 | 12.1-58.15 | |
2020-09-01 16:14:56 | 1598976896 | 06fbfcf525e47b5538f856965154e28c | 13.0-64.35 | |
2020-09-22 01:21:45 | 1600737705 | 7a0c8874e93395c5e4f1ef3e5e600a25 | 12.1-59.16 | |
2020-10-07 16:07:09 | 1602086829 | a8e0eb4a1b3e157e0d3a5e57dc46fd35 | 13.0-67.39 | |
2020-10-08 09:03:02 | 1602147782 | 0aef7f8e9ea2b528aa2073f2875a28b8 | 12.1-55.190 | |
2020-11-04 10:14:41 | 1604484881 | f1eb8548a4f1d4e565248d4db456fffe | ||
2020-11-13 12:56:30 | 1605272190 | e2444db11d0fa5ed738aa568c2630704 | 13.0-67.43 | |
2020-11-22 13:29:18 | 1606051758 | 62eba0931b126b1558fea39fb466e588 | ||
2020-12-03 05:13:26 | 1606972406 | 9b545e2e4d153348bce08e3923cdfdc1 | 13.0-71.40 | |
2020-12-26 19:04:08 | 1609009448 | 25ad60e92a33cbb5dbd7cd8c8380360d | 13.0-71.44 | |
2020-12-26 19:39:25 | 1609011565 | 0b516b768edfa45775c4be130c4b96b5 | 12.1-60.19 | |
2021-01-04 03:07:45 | 1609729665 | b3deb35b8a990a71acca052fd1e6e6e1 | 12.1-55.210 | |
2021-01-06 09:43:42 | 1609926222 | f0cc58ce7ec931656d9fcbfe50d37c4b | ||
2021-02-02 13:36:06 | 1612272966 | 83e486e7ee7eb07ab88328a51466ac28 | 12.1-61.18 | |
2021-02-18 18:37:49 | 1613673469 | 454d4ccdefa1d802a3f0ca474a2edd73 | 13.0-76.29 | |
2021-03-08 17:23:41 | 1615224221 | 08ff522057b9422863dbabb104c7cf4b | 12.1-61.19 | |
2021-03-09 09:20:39 | 1615281639 | 648767678188e1567b7d15eee5714220 | 13.0-76.31 | |
2021-03-11 15:46:10 | 1615477570 | ce5da251414abbb1b6aed6d6141ed205 | 12.1-61.19 | |
2021-04-05 14:13:22 | 1617632002 | 5e55889d93ff0f13c39bbebb4929a68e | 13.0-79.64 | |
2021-05-10 14:38:02 | 1620657482 | 35389d54edd8a7ef46dadbd00c1bc5ac | 12.1-62.21 | |
2021-05-12 11:36:11 | 1620819371 | 9f4514cd7d7559fa1fb28960b9a4c22d | ||
2021-05-17 15:56:11 | 1621266971 | 8e4425455b9da15bdcd9d574af653244 | 12.1-62.23 | |
2021-05-31 14:05:18 | 1622469918 | 73952bdeead9629442cd391d64c74d93 | 13.0-82.41 | |
2021-06-10 19:21:20 | 1623352880 | 25169dea48ef0f939d834468f3c626d2 | 13.0-82.42 | |
2021-06-10 23:39:05 | 1623368345 | efb9d8994f9656e476e80f9b278c5dae | 12.1-62.25 | |
2021-07-06 17:02:58 | 1625590978 | affa5cd9f00480f144eda6334e03ec27 | ||
2021-07-07 01:45:38 | 1625622338 | e1ebdcea7585d24e9f380a1c52a77f5d | 12.1-62.27 | |
2021-07-16 16:45:56 | 1626453956 | eb3f8a7e3fd3f44b70c121101618b80d | 13.0-82.45 | |
2021-09-10 07:31:30 | 1631259090 | 98a21b87cc25d486eb4189ab52cbc870 | 13.1-4.43 | |
2021-09-27 14:01:20 | 1632751280 | c9e95a96410b8f8d4bde6fa31278900f | 13.0-83.27 | |
2021-10-12 11:53:46 | 1634039626 | 435b27d8f59f4b64a6beccb39ce06237 | ||
2021-10-13 08:24:09 | 1634113449 | f3d4041188d723fec4547b1942ffea93 | 12.1-63.22 | |
2021-11-11 14:42:53 | 1636641773 | 158c7182df4973f1f5346e21e9d97a01 | 13.1-4.44 | |
2021-11-11 17:02:35 | 1636650155 | a66c02f4d04a1bd32bfdcc1655c73466 | 13.0-83.29 | |
2021-11-11 20:06:47 | 1636661207 | 5cd6bd7d0aec5dd13a1afb603111733a | 12.1-63.23 | |
2021-11-17 15:43:23 | 1637163803 | 645bded68068748e3314ad3e3ec8eb8f | 13.1-9.60 | |
2021-12-10 16:17:15 | 1639153035 | 5112d5394de0cb5f6d474e032a708907 | 13.1-12.50 | |
2021-12-10 18:48:29 | 1639162109 | 3a316d2de5362e9f76280b3157f48d08 | 13.0-84.10 | |
2021-12-22 09:54:58 | 1640166898 | ee44bd3bc047aead57bc000097e3d8aa | 12.1-63.24 | |
2021-12-22 10:57:32 | 1640170652 | 13693866faf642734f0498eb45f73672 | ||
2021-12-22 15:18:49 | 1640186329 | 2b46554c087d2d5516559e9b8bc1875d | 13.0-84.11 | |
2021-12-23 08:28:43 | 1640248123 | cf9d354b261231f6c6121058ba143af7 | 13.1-12.51 | |
2022-01-20 02:36:41 | 1642646201 | c6bcd2f119d83d1de762c8c09b482546 | 12.1-64.16 | |
2022-01-28 06:22:15 | 1643350935 | b3fb0319d5d2dad8c977b9986cc26bd8 | 12.1-55.265 | |
2022-02-21 12:49:29 | 1645447769 | 0f3a063431972186f453e07954f34eb8 | 13.1-17.42 | |
2022-02-23 07:02:10 | 1645599730 | 7364f85dc30b3d570015e04f90605854 | ||
2022-03-10 15:17:42 | 1646925462 | e42d7b3cf4a6938aecebdae491ba140c | 13.0-85.15 | |
2022-04-01 19:41:31 | 1648842091 | 310ffb5a44db3a14ed623394a4049ff9 | ||
2022-04-03 05:18:28 | 1648963108 | 2edf0f445b69b2e322e80dbc3f6f711c | 12.1-55.276 | |
2022-04-07 06:11:44 | 1649311904 | b4ac9c8852a04234f38d73d1d8238d37 | 13.1-21.50 | |
2022-04-21 07:34:34 | 1650526474 | 9f73637db0e0f987bf7825486bfb5efe | 12.1-55.278 | |
2022-04-21 10:38:48 | 1650537528 | c212a67672ef2da5a74ecd4e18c25835 | 12.1-64.17 | |
2022-04-22 19:18:31 | 1650655111 | fbdc5fbaed59f858aad0a870ac4a779c | 12.1-65.15 | |
2022-05-19 08:10:13 | 1652947813 | 1884e7877a13a991b6d3fac01efbaf79 | 13.0-85.19 | |
2022-05-26 12:51:09 | 1653569469 | 853edb55246c138c530839e638089036 | 13.1-24.38 | |
2022-06-14 17:03:48 | 1655226228 | 7a45138b938a54ab056e0c35cf0ae56c | 13.0-86.17 | |
2022-06-29 13:46:08 | 1656510368 | 4434db1ec24dd90750ea176f8eab213c | 12.1-65.17 | |
2022-07-06 08:54:42 | 1657097682 | 469591a5ef8c69899320a319d5259922 | 12.1-55.282 | |
2022-07-06 10:41:43 | 1657104103 | adc1f7c850ca3016b21776467691a767 | 13.1-27.59 | |
2022-07-29 17:39:52 | 1659116392 | 1f63988aa4d3f6d835704be50c56788a | 13.0-87.9 | |
2022-08-24 14:57:01 | 1661353021 | 57d9f58db7576d6a194d7dd10888e354 | 13.1-30.52 | |
2022-09-23 18:53:35 | 1663959215 | 7afe87a42140b566a2115d1e232fdc07 | 13.1-33.47 | |
2022-10-04 16:11:03 | 1664899863 | c1b64cea1b80e973580a73b787828daf | 12.1-65.21 | |
2022-10-12 07:25:44 | 1665559544 | 4d817946cef53571bc303373fd6b406b | 12.1-55.289 | |
2022-10-12 17:01:28 | 1665594088 | aff0ad8c8a961d7b838109a7ee532bcb | 13.1-33.49 | |
2022-10-14 17:10:45 | 1665767445 | 37c10ac513599cf39997d52168432c0e | 13.0-88.12 | |
2022-10-31 15:54:59 | 1667231699 | 27292ddd74e24a311e4269de9ecaa6e7 | 13.0-88.13 | |
2022-10-31 16:31:43 | 1667233903 | 5e939302a9d7db7e35e63a39af1c7bec | 13.1-33.51 | |
2022-11-03 05:22:05 | 1667452925 | 6e7b2de88609868eeda0b1baf1d34a7e | 13.0-88.14 | |
2022-11-03 05:38:29 | 1667453909 | 56672635f81a1ce1f34f828fef41d2fa | 13.1-33.52 | |
2022-11-11 04:16:21 | 1668140181 | 8ecc8331379bc60f49712c9b25f276ea | ||
2022-11-11 06:00:31 | 1668146431 | 86c7421a034063574799dcd841ee88f0 | ||
2022-11-17 09:55:40 | 1668678940 | 9bf6d5d3131495969deba0f850447947 | 13.1-33.54 | |
2022-11-17 10:37:18 | 1668681438 | 3bd7940b6425d9d4dba7e8b656d4ba65 | 13.0-88.16 | |
2022-11-23 11:42:31 | 1669203751 | 0d656200c32bb47c300b81e599260c42 | 13.1-37.38 | |
2022-11-28 11:55:05 | 1669636505 | 953fae977d4baedf39e83c9d1e134ef1 | 12.1-55.291 | |
2022-11-30 11:42:25 | 1669808545 | f063b04477adc652c6dd502ac0c39a75 | 12.1-65.25 | |
2022-12-14 15:54:39 | 1671033279 | 14c6a775edda324764a940cfd3da48cb | 13.0-89.7 | |
2023-01-24 17:44:35 | 1674582275 | c2b8537eb733844f1e0cc4f63210d016 | 13.0-90.7 | |
2023-02-22 13:31:29 | 1677072689 | b4c220db03ea18bc2eebb40e9ad3f4f8 | 13.1-42.47 | |
2023-04-05 06:57:33 | 1680677853 | 0b2a3cb74b5c6adbe28827e8b76a9f64 | 12.1-55.296 | |
2023-04-12 08:05:14 | 1681286714 | 6925fba74320b9bfb960299f7c3e7cce | 13.1-45.61 | |
2023-04-17 18:09:24 | 1681754964 | cdb72bd7677da8af9942897256782c9b | 13.1-37.150 | |
2023-04-19 15:34:38 | 1681918478 | 281b46a105662de06fb259293aa79f2a | 13.0-90.11 | |
2023-04-26 11:42:55 | 1682509375 | 1487b55f253ea54b1d3603cc1212f164 | 13.1-45.62 | |
2023-04-28 20:39:00 | 1682714340 | a6a783263968040a97e44d7cac55eda6 | 12.1-65.35 | |
2023-04-30 08:54:31 | 1682844871 | d72c9f2af7ccded704862da7486cfef2 | 13.1-45.63 | |
2023-05-12 04:49:56 | 1683866996 | 13.0-91.12 | ||
2023-05-12 07:33:58 | 1683876838 | 14195083e08df261613408eb5cf3b212 | 13.1-45.64 | |
2023-05-15 10:23:44 | 1684146224 | 4d63b52cc99fe712f9be5e4795c854e9 | 13.0-90.12 | |
2023-06-03 07:35:50 | 1685777750 | 13.1-48.47 | ||
2023-07-07 15:32:56 | 1688743976 | 13.0-91.13 | ||
2023-07-07 16:15:10 | 1688746510 | e72b4f05a103118667208783b57eee3b | ||
2023-07-07 16:17:07 | 1688746627 | 46d83b1a2981c1cfefe8d3063adf78f4 | 13.1-37.159 | |
2023-07-07 16:29:27 | 1688747367 | 28e592a607e8919cc6ca7dec63590e04 | 12.1-55.297 | |
2023-07-10 18:36:31 | 1689014191 | 13.1-49.13 | ||
2023-07-28 00:25:01 | 1690503901 | 14.1-4.42 | ||
2023-08-30 07:03:54 | 1693379034 | 13.0-92.18 | ||
2023-09-15 06:40:36 | 1694760036 | 14.1-8.50 | ||
2023-09-21 05:25:24 | 1695273924 | 13.0-92.19 | ||
2023-09-21 06:17:01 | 1695277021 | 13.1-49.15 | ||
2023-09-21 17:12:48 | 1695316368 | 155a75fb7efac3347e7362fd23083aa5 | 12.1-55.300 | |
2023-09-27 12:27:52 | 1695817672 | 13.1-37.164 | ||
2023-10-18 07:27:04 | 1697614024 | 13.1-50.23 |
@MaxGroot -- Thanks for the reply! I saw that LeakIX was also comparing client versions via the /vpn/pluginlist.xml
path. Their tweet indicated that 23.5.1.3 was the latest client version for patched instances. Link: https://twitter.com/leak_ix/status/1682097653100822531
Patched Host:
<repositories>
<repository name="default">
<plugin name="Netscaler Gateway EPA plug-in for Windows (32 bit)" type="WIN-EPA" version="23.5.1.3" path="/epa/scripts/win/nsepa_setup.exe" compatibleFrom="12.1.0.0" compatibleTill=""/>
<plugin name="Netscaler Gateway EPA plug-in for Windows (64 bit)" type="WIN-EPA64" version="23.5.1.3" path="/epa/scripts/win/nsepa_setup.exe" compatibleFrom="12.1.0.0" compatibleTill=""/>
<plugin name="Netscaler Gateway VPN plug-in for Windows" type="WIN-VPN" version="23.5.1.3" path="/vpns/scripts/vista/AGEE_setup.exe" compatibleFrom="12.1.0.0" compatibleTill=""/>
<plugin name="EPA scanning Engine (Opswat) for Windows" type="WIN-EPA-ENGINE" version="1.1.2.34" path="/epa/scripts/win/epaPackage.exe" opswatVersion="4.3.3421.0"/>
<plugin name="Netscaler Gateway EPA plug-in for Mac" type="MAC-EPA" version="22.11.3" path="/epa/scripts/mac/Citrix_Endpoint_Analysis.dmg" compatibleFrom="22.11.3" compatibleTill=""/>
<plugin name="Netscaler Gateway VPN plug-in for Mac" type="MAC-VPN" version="4.4.8 (518)" path="/vpns/scripts/mac/Citrix_Access_Gateway.dmg" compatibleFrom="4.4.8 (518)" compatibleTill=""/>
<plugin name="EPA scanning Engine (Opswat) for Mac" type="MAC-EPA-ENGINE" version="1.3.5.7" path="/epa/scripts/mac/MacLibs.zip" opswatVersion="4.3.2138.0"/>
<plugin name="Netscaler Gateway RfWeb GUI" type="RFWEB-GUI" version="23.5.1.3" path="/logon/logonPoint/"/>
</repository>
</repositories>
Older/Potentially vuln:
<repositories>
<repository name="default">
<plugin name="Netscaler Gateway EPA plug-in for Windows (32 bit)" type="WIN-EPA" version="22.2.1.103" path="/epa/scripts/win/nsepa_setup.exe" compatibleFrom="12.1.0.0" compatibleTill=""/>
<plugin name="Netscaler Gateway EPA plug-in for Windows (64 bit)" type="WIN-EPA64" version="22.2.1.103" path="/epa/scripts/win/nsepa_setup.exe" compatibleFrom="12.1.0.0" compatibleTill=""/>
<plugin name="Netscaler Gateway VPN plug-in for Windows" type="WIN-VPN" version="22.2.1.103" path="/vpns/scripts/vista/AGEE_setup.exe" compatibleFrom="12.1.0.0" compatibleTill=""/>
<plugin name="EPA scanning Engine (Opswat) for Windows" type="WIN-EPA-ENGINE" version="1.1.2.20" path="/epa/scripts/win/epaPackage.exe" opswatVersion="4.3.2450.0"/>
<plugin name="Netscaler Gateway EPA plug-in for Mac" type="MAC-EPA" version="3.2.4.9" path="/epa/scripts/mac/Citrix_Endpoint_Analysis.dmg" compatibleFrom="3.2.4.9" compatibleTill=""/>
<plugin name="Netscaler Gateway VPN plug-in for Mac" type="MAC-VPN" version="4.4.8 (518)" path="/vpns/scripts/mac/Citrix_Access_Gateway.dmg" compatibleFrom="4.4.8 (518)" compatibleTill=""/>
<plugin name="EPA scanning Engine (Opswat) for Mac" type="MAC-EPA-ENGINE" version="1.3.5.7" path="/epa/scripts/mac/MacLibs.zip" opswatVersion="4.3.2138.0"/>
<plugin name="Netscaler Gateway RfWeb GUI" type="RFWEB-GUI" version="22.2.1.103" path="/logon/logonPoint/"/>
</repository>
</repositories>
We updated the gist with latest extracted version hashes and rdx_en.json.gz
timestamps.
We noticed that some versions stopped having a version hash, but fingerprinting on the rdx_en
timestamp is still a good indicator to determine the exact version. See our blog for more information on that.
Updated once more, now lists the versions that are patched against CitrixBleed!
Updates to this CSV are now moved to the following GitHub repo: https://github.com/fox-it/citrix-netscaler-triage
@RoganDawes @synfinner For both
13.0-91.13
and13.1-49.13
, I haven't found an URL that returns a vhash. However, therdx_en
file is still downloadable and its timestamp is the following date for these versions:From our scans, we have found that build times correlate quite well with whether a device is patched or not:
The heavy increase in numbers on 2023-07-21 (today) is because we found smoothed out some errors in our scanning, causing us to find much more Citrix servers across the board.
Of course, these scan results should be taken with a spoonful of salt but I hope this will help with your research.