Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability
Qualys chanced on a severe a ways flung unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).
This vulnerability, most steadily known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and impacts glibc-basically based fully Linux programs.
The Cloud Tool Neighborhood has confirmed that several of its merchandise, including NetScaler ADC and NetScaler Gateway, are impacted.
The regreSSHion vulnerability is a signal handler flee condition in OpenSSH’s server (sshd) that allows unauthenticated a ways flung code execution as root on glibc-basically based fully Linux programs. This vulnerability impacts OpenSSH’s default configuration and has necessary implications for network security.
Affected Products and Ideas
Cloud Tool Neighborhood has entreated prospects the use of NetScaler ADC and NetScaler Gateway to change their programs straight to the most contemporary patched versions:
- NetScaler ADC and NetScaler Gateway 14.1-25.56 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-fifty three.24 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.31 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP
Furthermore, NetScaler Console (formerly Citrix ADM) is moreover impacted, and prospects are informed to change to the following versions:
- NetScaler Console 14.1 Plan 25.56 and later releases
- NetScaler Console 13.1 Plan fifty three.24 and later releases of 13.1
- NetScaler Console 13.0 Plan 92.31 and later releases of 13.0
The corporate is level-headed investigating the aptitude impact on Citrix Endpoint Administration and Citrix Right Internal most Access. Diverse Citrix merchandise, including Citrix Digital Apps and Desktops, Citrix Workspace, and Citrix Analytics, are now now not struggling from this vulnerability.
Cloud Tool Neighborhood has talked about that every individual products and companies hosted on their cloud infrastructure will likely be patched to mitigate this probability, requiring no motion from prospects the use of these cloud-basically based fully products and companies.
How to Examine the Version
Examine the Recent Version:
- Log in to your NetScaler ADC or Gateway.
- Navigate to the system files share to search out the hot device version.
Potentialities the use of the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are entreated to put in the urged updates straight to offer protection to their programs from skill exploitation. The Cloud Tool Neighborhood has made the fundamental patches on the market for download.
Organizations the use of the affected Citrix and NetScaler merchandise need to level-headed device end instantaneous motion to safeguard their programs in incompatibility severe vulnerability.
Source credit : cybersecuritynews.com