The Cybersecurity and Infrastructure Security Agency (CISA) has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog, and it has set the “due date” a week after they were added.

Federal Civilian Executive Branch (FCEB) agencies are handed specific deadlines for when vulnerabilities must be dealt with. Normally, the Directive requires those agencies to remediate internet-facing vulnerabilities on its catalog within 15 days, and all others within 25 days. The Citrix NetScaler vulnerabilities need to be patched by January 24, 2024.

These issues only apply to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not impacted.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs that CISA has added to the catalog are:

CVE-2023-6548, an improper control of generation of code (code injection) vulnerability in NetScaler ADC and NetScaler Gateway with a CVSS score of 5.5 out of 10. It allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on the interface.

Because this vulnerability only impacts the management interface, network traffic to the appliance’s management interface should be separated, either physically or logically, from normal network traffic, and you should avoid exposing it to the internet.

CVE-2023-6549 is an improper restriction of operations within the bounds of a memory buffer in NetScaler ADC and NetScaler Gateway with a CVSS score of 8.2 out of 10. It allows unauthenticated denial of service. An attacker could exploit this vulnerability when a vulnerable appliance has been configured as a gateway (e.g. VPN, ICA Proxy, CVPN, RDP Proxy) or as a AAA virtual server.

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

Citrix has also observed exploits on unpatched instances and strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.

A few months ago, CISA and the Federal Bureau of Investigation (FBI), along with other international agencies, warned that ransomware gangs are actively exploiting the Citrix Bleed vulnerability which was also found in Citrix NetScaler versions. This goes to show how popular these kinds of vulnerabilities are among cybercriminals.
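The affected-version ranges listed in this article can be turned into a quick inventory triage. The following is an added example, not code from the article or from Citrix; the hostnames, the sample builds and the banner-style `NS13.1: Build 49.15.nc` input format are assumptions, and branches the article does not name are reported as unknown.

```python
import re

# First fixed build per supported branch, taken from the article's affected-version list.
FIXED = {(14, 1): (12, 35), (13, 1): (51, 15), (13, 0): (92, 21)}
# End of life per the article: vulnerable, and no fixed build is listed.
EOL = {(12, 1)}

# Accepts "13.1-49.15" and banner-style "NS13.1: Build 49.15.nc" (assumed format).
_VER = re.compile(r"(\d+)\.(\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def classify(version_text):
    """Return 'affected', 'fixed', 'eol' or 'unknown' for one version string."""
    m = _VER.search(version_text)
    if not m:
        return "unknown"
    major, minor, build_major, build_minor = map(int, m.groups())
    branch = (major, minor)
    if branch in EOL:
        return "eol"
    if branch not in FIXED:
        return "unknown"  # branch not covered by the article; do not guess
    # Tuple comparison: "before 13.1-51.15" means (build) < (51, 15).
    return "affected" if (build_major, build_minor) < FIXED[branch] else "fixed"


def triage(inventory):
    """Map hostname -> status for a dict of hostname -> version string."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory; hostnames and builds are made up for the example.
SAMPLE = {
    "adc-edge-01": "NS13.1: Build 49.15.nc",
    "adc-edge-02": "14.1-12.35",
    "adc-lab-01": "12.1-65.25",
    "adc-dmz-01": "13.0-92.21",
    "adc-old-01": "not reachable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {status}")
```

Hosts reported as `eol` or `unknown` need manual follow-up rather than being treated as safe.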