Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).

This vulnerability, known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and affects glibc-based Linux systems.

The Cloud Software Group has confirmed that several of its products, including NetScaler ADC and NetScaler Gateway, are impacted.

The regreSSHion vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. This vulnerability affects OpenSSH’s default configuration and has significant implications for network security.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

Affected Products and Recommendations

Cloud Software Group has urged customers using NetScaler ADC and NetScaler Gateway to update their systems immediately to the latest patched versions

  • NetScaler ADC and NetScaler Gateway 14.1-25.56 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-53.24 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.31 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP

Additionally, NetScaler Console (formerly Citrix ADM) is also impacted, and customers are advised to update to the following versions

  • NetScaler Console 14.1 Build 25.56 and later releases
  • NetScaler Console 13.1 Build 53.24 and later releases of 13.1
  • NetScaler Console 13.0 Build 92.31 and later releases of 13.0

The company is still investigating the potential impact on Citrix Endpoint Management and Citrix Secure Private Access

Cloud Software Group has stated that all services hosted on their cloud infrastructure will be patched to mitigate this risk, requiring no action from customers using these cloud-based services

How to Verify the Version

Check the Current Version:

  • Log in to your NetScaler ADC or Gateway.
  • Navigate to the system information section to find the current software version.

Customers using the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are urged to install the recommended updates immediately to protect their systems from potential exploitation. The Cloud Software Group has made the necessary patches available for download.

Organizations using the affected Citrix and NetScaler products should take immediate action to safeguard their systems against this critical vulnerability.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo