Site icon VMVirtualMachine.com

Critical DOS and Open Redirect Vulnerability Affecting Citrix Netscaler ADC and Gateway

Critical DOS and Open Redirect Vulnerability Affecting Citrix Netscaler ADC and Gateway
Spread the love



A recent editorial from Red Hot Cyber highlights two vulnerabilities found in NetScaler ADC and NetScaler Gateway, which are widely used devices to enhance application performance and ensure secure access to sensitive data. The affected versions include NetScaler ADC and NetScaler Gateway 14.1 before version 14.1-25.53, 13.1 before version 13.1-53.17, and 13.0 before version 13.0-92.31, among others. One vulnerability, identified as CVE-2024-5491, allows for denial of service on devices configured with SNMP, while another, CVE-2024-5492, permits unauthenticated attackers to redirect users to malicious websites.

To address these vulnerabilities, Cloud Software Group advises affected customers to immediately update to the latest supported versions of NetScaler ADC and NetScaler Gateway. Cloud Software Group also acknowledges the contributions of security researchers Nanyu Zhong and Mauro Dini in identifying these vulnerabilities and ensuring customer security. Citrix, the company behind NetScaler ADC and NetScaler Gateway, is actively communicating with customers and partners about these security issues through a bulletin available on the Citrix Knowledge Center website.

The Red Hot Cyber editorial team, made up of various individuals and anonymous sources, is dedicated to providing early information and news on cybersecurity and computing. Customers using NetScaler ADC and NetScaler Gateway are urged to upgrade to the recommended versions to protect their devices and data from potential exploits. It is essential for organizations to stay informed about cybersecurity vulnerabilities and take proactive measures to safeguard their systems and sensitive information.

Article Source
https://www.redhotcyber.com/en/post/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve-2024-5491-and-cve-2024-5492/

Exit mobile version