Citrix NetScaler Authentication Vulnerability

Citrix has disclosed two critical vulnerabilities affecting its NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent, which could allow attackers to access sensitive information and cause denial-of-service (DoS) conditions.

The vulnerabilities, identified as CVE-2024-6235 and CVE-2024-6236, have prompted urgent calls for updates from Citrix to mitigate the risks.


Vulnerability Details

  • CVE-2024-6235: This vulnerability involves improper authentication (CWE-287) and can lead to sensitive information disclosure. It has a CVSS v4.0 Base Score of 9.4, indicating critical severity. Exploitation requires access to the NetScaler Console IP.
  • CVE-2024-6236: This vulnerability is due to improper restriction of operations within the bounds of a memory buffer (CWE-119), leading to a potential DoS attack. It has a CVSS v4.0 Base Score of 7.1, indicating high severity. Exploitation requires access to the NetScaler Console IP, NetScaler Agent IP, or SVM IP.


Affected Versions

The vulnerabilities impact several versions of NetScaler products:

  • CVE-2024-6235 affects:
      • NetScaler Console versions 14.1 before 14.1-25.53
  • CVE-2024-6236 affects:
      • NetScaler Console versions 14.1 before 14.1-25.53, 13.1 before 13.1-53.22, and 13.0 before 13.0-92.31
      • NetScaler SVM versions 14.1 before 14.1-25.53, 13.1 before 13.1-53.17, and 13.0 before 13.0-92.31
      • NetScaler Agent versions 14.1 before 14.1-25.53, 13.1 before 13.1-53.22, and 13.0 before 13.0-92.31

Citrix strongly advises customers to update their NetScaler products to the latest versions to address these vulnerabilities:

  • NetScaler Console:
      • Update to 14.1-25.53 or later
      • Update to 13.1-53.22 or later
      • Update to 13.0-92.31 or later
  • NetScaler SVM:
      • Update to 14.1-25.53 or later
      • Update to 13.1-53.17 or later
      • Update to 13.0-92.31 or later
  • NetScaler Agent:
      • Update to 14.1-25.53 or later
      • Update to 13.1-53.22 or later
      • Update to 13.0-92.31 or later
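To turn the affected and fixed build numbers above into an inventory check, here is an added Python example (not Citrix's code or part of the bulletin) that encodes the fixed builds listed in this article per CVE, component and release branch, and compares a reported build numerically rather than as a string. The component names ("Console", "SVM", "Agent") and the sample inventory are assumptions constructed for the example.

```python
import re

# Fixed builds per CVE, component and major.minor branch, as listed in the advisory text.
# A build on the same branch that is numerically earlier than the fixed build is affected;
# a branch not listed for a CVE (e.g. Console 13.1 for CVE-2024-6235) is not affected by it.
FIXED_BUILDS = {
    "CVE-2024-6235": {
        "Console": {"14.1": "14.1-25.53"},
    },
    "CVE-2024-6236": {
        "Console": {"14.1": "14.1-25.53", "13.1": "13.1-53.22", "13.0": "13.0-92.31"},
        "SVM":     {"14.1": "14.1-25.53", "13.1": "13.1-53.17", "13.0": "13.0-92.31"},
        "Agent":   {"14.1": "14.1-25.53", "13.1": "13.1-53.22", "13.0": "13.0-92.31"},
    },
}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(build: str) -> tuple:
    """Turn '14.1-25.53' into (14, 1, 25, 53) so builds compare numerically.
    A plain string comparison would wrongly rank '14.1-9.10' above '14.1-25.53'."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {build!r}")
    return tuple(int(x) for x in m.groups())


def affected_cves(component: str, build: str) -> list:
    """Return the CVEs from this advisory that still apply to component/build."""
    major, minor, _, _ = parse_build(build)
    branch = f"{major}.{minor}"
    hits = []
    for cve, components in FIXED_BUILDS.items():
        fixed = components.get(component, {}).get(branch)
        if fixed is not None and parse_build(build) < parse_build(fixed):
            hits.append(cve)
    return hits


def scan_inventory(inventory: dict) -> dict:
    """Map host -> affected CVEs for a {host: (component, build)} inventory; only hits are kept."""
    results = {}
    for host, (component, build) in inventory.items():
        cves = affected_cves(component, build)
        if cves:
            results[host] = cves
    return results


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are illustrative only.
    sample = {"console-1": ("Console", "14.1-9.10"), "svm-1": ("SVM", "13.1-53.17")}
    print(scan_inventory(sample))  # {'console-1': ['CVE-2024-6235', 'CVE-2024-6236']}
```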

Citrix’s Response

Citrix discovered these vulnerabilities through internal research and is not aware of any exploitation in the wild. However, the company emphasizes the importance of prompt action, especially for customers whose NetScaler Console is exposed to the public internet.

Citrix has notified its customers and channel partners through a security bulletin published on the Citrix Knowledge Center. The company emphasizes the importance of promptly applying updates to protect against potential exploits.

For technical assistance, customers are encouraged to contact Citrix Technical Support. Citrix also recommends subscribing to alerts for future security bulletins to stay informed about potential vulnerabilities and updates.

The discovery of these vulnerabilities underscores the critical need for timely updates and vigilant security practices. By addressing these vulnerabilities promptly, organizations can safeguard their networks and sensitive information from potential cyber threats.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.