Cyber Security News

Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability

Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).

This vulnerability, known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and affects glibc-based Linux systems.

The Cloud Software Group has confirmed that several of its products, including NetScaler ADC and NetScaler Gateway, are impacted.

The regreSSHion vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. This vulnerability affects OpenSSH’s default configuration and has significant implications for network security.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

Affected Products and Recommendations

Cloud Software Group has urged customers using NetScaler ADC and NetScaler Gateway to update their systems immediately to the latest patched versions:

  • NetScaler ADC and NetScaler Gateway 14.1-25.56 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-53.24 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.31 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP

Additionally, NetScaler Console (formerly Citrix ADM) is also impacted, and customers are advised to update to the following versions:

  • NetScaler Console 14.1 Build 25.56 and later releases
  • NetScaler Console 13.1 Build 53.24 and later releases of 13.1
  • NetScaler Console 13.0 Build 92.31 and later releases of 13.0

The company is still investigating the potential impact on Citrix Endpoint Management and Citrix Secure Private Access. Other Citrix products, including Citrix Virtual Apps and Desktops, Citrix Workspace, and Citrix Analytics, are not affected by this vulnerability.

Cloud Software Group has stated that all services hosted on their cloud infrastructure will be patched to mitigate this risk, requiring no action from customers using these cloud-based services.

How to Verify the Version

Check the Current Version:

  • Log in to your NetScaler ADC or Gateway.
  • Navigate to the system information section to find the current software version.

    Customers using the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are urged to install the recommended updates immediately to protect their systems from potential exploitation. The Cloud Software Group has made the necessary patches available for download.

    Organizations using the affected Citrix and NetScaler products should take immediate action to safeguard their systems against this critical vulnerability.

    "Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

    Guru Baran

    Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

    Recent Posts

    US Department Of Homeland Security Terminates Entire Advisory Committees

    In a sweeping directive aimed at streamlining the Department of Homeland Security (DHS) operations, Acting…

    5 hours ago

    Hackers Exploited 16 0-days & Earned $382,750 – Pwn2Own Automotive 2025

    The much-anticipated Pwn2Own Automotive 2025 kicked off today at Tokyo Big Sight, showcasing the cutting…

    11 hours ago

    Windows File Explorer Elevation Of Privilege Vulnerability(CVE-2024-38100) Exploited

    A critical security flaw in Windows File Explorer, identified as CVE-2024-38100, has been actively exploited,…

    11 hours ago

    1,000+ Malicious Domains Mimic Reddit & WeTransfer To Deliver Malware

    Over 1,000 malicious domains have been identified that impersonate popular platforms like Reddit and WeTransfer…

    11 hours ago

    Helldown Ransomware Exploiting Zyxel Devices Using Zero-Day Vulnerability

    A new ransomware threat dubbed "Helldown" has emerged, actively exploiting vulnerabilities in Zyxel firewall devices…

    12 hours ago

    Ex-CIA Analyst Pleads Guilty To Leaking National Defense Information

    A former CIA analyst, Asif William Rahman, 34, pleaded guilty today to unlawfully retaining and…

    14 hours ago