Citrix has released security updates to address a critical vulnerability in its NetScaler Console, a tool for managing NetScaler instances. The flaw, designated CVE-2024-6235, has been rated 9.4 out of 10 in severity, underscoring its potential risk to organizations.
According to Citrix, this vulnerability could enable attackers to gain unauthorized access to the NetScaler Console, NetScaler SVM, and NetScaler Agent, which are pivotal components in managing and securing NetScaler deployments. The vulnerability stems from improper authentication mechanisms, making it a significant threat if left unpatched.
Despite the high severity, Citrix says it discovered the problem internally and is not aware of any active exploitation. Organizations managing their own NetScaler environments are nonetheless urged to install the available updates immediately to mitigate the risk.
A comprehensive patch
In its security bulletin, Citrix addresses multiple vulnerabilities, including CVE-2024-6236, CVE-2024-5491, CVE-2024-5492, and CVE-2024-6387, a third-party vulnerability in the open-source OpenSSH module that NetScaler ships.
CVE-2024-6235, categorized as a critical vulnerability, could lead to sensitive information disclosure. Meanwhile, CVE-2024-6236, rated as high severity, could result in a denial-of-service attack. Both vulnerabilities highlight the need for stringent security measures, especially since the NetScaler Console should ideally not be exposed to the public internet.
“We strongly recommend that you immediately install the recommended updates,” Citrix advises, emphasizing the importance of keeping the NetScaler Console on a private network to avoid external threats.
Additionally, CVE-2024-5491 and CVE-2024-5492 present their own risks, with the former allowing denial-of-service attacks and the latter enabling remote unauthenticated attackers to redirect users to malicious websites. Notably, NetScaler version 12.1 is now end-of-life and particularly vulnerable, prompting Citrix to urge users to upgrade to supported versions.
CVE-2024-6387, discovered externally by Qualys, is a vulnerability in the OpenSSH module that affects many networking products, including NetScaler. This flaw, a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution as root on glibc-based Linux systems. Citrix has included fixes for this vulnerability in the latest update.
The OpenSSH vulnerability was given the name regreSSHion by Qualys, which we have previously covered, including the initial announcement, subsequent exploits, and a fresh vulnerability that affects RHEL 9 systems.
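Because CVE-2024-6387 sits in a bundled OpenSSH rather than in Citrix's own code, defenders usually have to find out which of their appliances and servers run an affected sshd. The script below is an added example, not code from the article, Citrix or Qualys: it parses the OpenSSH version banners an inventory tool would collect from hosts you administer and triages them against the affected upstream version ranges. The sample banners are constructed, and the version ranges are taken from the Qualys regreSSHion advisory rather than from this article, so verify them against the advisory before relying on them. Distribution backports can fix a build without changing its banner, so a "likely-affected" result is a lead for package-level checking, not a verdict.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample banners (not from the article) standing in for what an
# inventory tool would collect from hosts you administer.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-OpenSSH_4.3p2",
    "SSH-2.0-dropbear_2022.83",
]

# Matches the upstream version in an OpenSSH banner; the "pN" portable suffix
# is optional because some builds omit it.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an OpenSSH banner, or None for other servers."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def classify(banner: str) -> str:
    """Triage one banner for CVE-2024-6387 exposure.

    Version ranges are an assumption taken from the Qualys advisory, not from
    the article: 8.5p1 up to (not including) 9.8p1 reintroduced the signal
    handler race, and releases before 4.4p1 carry the original CVE-2006-5051
    bug unless patched. Anything else upstream is treated as unaffected.
    """
    version = parse_openssh_version(banner)
    if version is None:
        return "not-openssh"
    if version < (4, 4):
        return "legacy-affected"
    if (8, 5) <= version < (9, 8):
        return "likely-affected"
    return "unaffected"


def triage(banners: Iterable[str]) -> Dict[str, str]:
    """Map each banner to its triage result so the caller can sort by urgency."""
    return {banner: classify(banner) for banner in banners}


if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:16} {banner}")
```

Feed `triage()` the banners your scanner or configuration-management tool already records for your own fleet; hosts that come back "likely-affected" should then be checked at the package level (vendor patch notes, `dpkg`/`rpm` changelogs, or the Citrix update for NetScaler) because a backported fix does not change the banner.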