Vulnerability in Citrix NetScaler Exposes Sensitive Data to Attackers

Citrix has disclosed two critical vulnerabilities in its NetScaler products that expose customers to sensitive data leakage and denial-of-service attacks. The flaws, tracked as CVE-2024-6235 and CVE-2024-6236, have prompted Citrix to urge users to update their systems before they can be exploited.

CVE-2024-6235 is an improper-authentication weakness that can disclose sensitive information; it carries a severity score of 9.4, and exploitation requires access to the NetScaler Console IP. CVE-2024-6236 stems from an inadequate restriction of operations within a memory buffer and enables denial-of-service attacks; it carries a high severity score of 7.1, and exploitation requires access to the various IPs associated with the NetScaler products.

The affected versions are NetScaler 14.1 builds before 14.1-25.53 for CVE-2024-6235, and the 14.1, 13.1, and 13.0 branches for CVE-2024-6236. Users should update to the fixed versions as soon as possible to mitigate both issues.

Citrix's recommended fixes depend on the product in use: NetScaler Console should be upgraded to 14.1-25.53 or later; NetScaler SVM to 14.1-25.53, 13.1-53.22, or 13.0-92.31, according to the release branch deployed; and NetScaler Agent likewise to 14.1-25.53, 13.1-53.22, or 13.0-92.31.
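As an added illustration (not from the article or from Citrix), the following Python helper encodes the fixed builds quoted above and triages an inventory of NetScaler build strings against them, so an administrator can see which hosts still need the update. The build-string format `<major>.<minor>-<build>.<sub>` (as in `14.1-25.53`) and the sample hostnames are assumptions.

```python
"""Compare NetScaler build strings against the fixed builds named in the
Citrix bulletin for CVE-2024-6235 / CVE-2024-6236 (thresholds as quoted in
the article above; build-string format and sample hosts are assumed)."""
import re

# Fixed builds per product and release branch, as stated in the article.
FIXED_BUILDS = {
    "NetScaler Console": {"14.1": "14.1-25.53"},
    "NetScaler SVM": {"14.1": "14.1-25.53", "13.1": "13.1-53.22", "13.0": "13.0-92.31"},
    "NetScaler Agent": {"14.1": "14.1-25.53", "13.1": "13.1-53.22", "13.0": "13.0-92.31"},
}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

def parse_build(version: str) -> tuple:
    """Turn '14.1-25.53' into (14, 1, 25, 53) so builds compare numerically,
    not lexically ('13.1-9.10' must sort below '13.1-53.22')."""
    m = _BUILD_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    return tuple(int(g) for g in m.groups())

def patch_status(product: str, version: str) -> str:
    """Return 'patched', 'vulnerable' or 'not-covered' for a product/build pair.
    'not-covered' means the bulletin as summarised names no fixed build for
    that product's release branch, so nothing is concluded about it here."""
    parsed = parse_build(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_BUILDS.get(product, {}).get(branch)
    if fixed is None:
        return "not-covered"
    return "patched" if parsed >= parse_build(fixed) else "vulnerable"

def triage(inventory: list) -> dict:
    """Group hostnames from an inventory of (host, product, build) by status."""
    out = {"patched": [], "vulnerable": [], "not-covered": []}
    for host, product, version in inventory:
        out[patch_status(product, version)].append(host)
    return out

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are made up.
    sample = [
        ("ns-console-1", "NetScaler Console", "14.1-21.57"),
        ("ns-svm-1", "NetScaler SVM", "13.1-53.22"),
        ("ns-agent-1", "NetScaler Agent", "13.0-91.13"),
        ("ns-svm-2", "NetScaler SVM", "12.1-65.39"),
    ]
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```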

The vulnerabilities were discovered internally by Citrix, which moved quickly to notify customers and partners through security bulletins in the Citrix Knowledge Center. The company advises immediate updates, particularly for users whose NetScaler Consoles are exposed. Customers can seek technical support from Citrix and subscribe to its security alerts to stay informed about future vulnerabilities.

These vulnerabilities underscore the importance of timely updates and robust security measures to safeguard networks and data from cyber threats. By promptly addressing these vulnerabilities, organizations can enhance their security posture and mitigate potential risks effectively.

Article Source
https://cybersecuritynews.com/citrix-netscaler-authentication-vulnerability/