Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).
This vulnerability, known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and affects glibc-based Linux systems.
The Cloud Software Group has confirmed that several of its products, including NetScaler ADC and NetScaler Gateway, are impacted.
The regreSSHion vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. This vulnerability affects OpenSSH’s default configuration and has significant implications for network security.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files
Cloud Software Group has urged customers using NetScaler ADC and NetScaler Gateway to update their systems immediately to the latest patched versions:
Additionally, NetScaler Console (formerly Citrix ADM) is also impacted, and customers are advised to update to the following versions:
The company is still investigating the potential impact on Citrix Endpoint Management and Citrix Secure Private Access. Other Citrix products, including Citrix Virtual Apps and Desktops, Citrix Workspace, and Citrix Analytics, are not affected by this vulnerability.
Cloud Software Group has stated that all services hosted on their cloud infrastructure will be patched to mitigate this risk, requiring no action from customers using these cloud-based services.
Check the Current Version:
Customers using the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are urged to install the recommended updates immediately to protect their systems from potential exploitation. The Cloud Software Group has made the necessary patches available for download.
Organizations using the affected Citrix and NetScaler products should take immediate action to safeguard their systems against this critical vulnerability.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
In a sweeping directive aimed at streamlining the Department of Homeland Security (DHS) operations, Acting…
The much-anticipated Pwn2Own Automotive 2025 kicked off today at Tokyo Big Sight, showcasing the cutting…
A critical security flaw in Windows File Explorer, identified as CVE-2024-38100, has been actively exploited,…
Over 1,000 malicious domains have been identified that impersonate popular platforms like Reddit and WeTransfer…
A new ransomware threat dubbed "Helldown" has emerged, actively exploiting vulnerabilities in Zyxel firewall devices…
A former CIA analyst, Asif William Rahman, 34, pleaded guilty today to unlawfully retaining and…