Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).
This vulnerability, known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and affects glibc-based Linux systems.
The Cloud Software Group has confirmed that several of its products, including NetScaler ADC and NetScaler Gateway, are impacted.
The regreSSHion vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. This vulnerability affects OpenSSH’s default configuration and has significant implications for network security.
Affected Products and Recommendations
Cloud Software Group has urged customers using NetScaler ADC and NetScaler Gateway to update their systems immediately to the latest patched versions:
Additionally, NetScaler Console (formerly Citrix ADM) is also impacted, and customers are advised to update to the following versions:
The company is still investigating the potential impact on Citrix Endpoint Management and Citrix Secure Private Access.Other Citrix products, including Citrix Virtual Apps and Desktops, Citrix Workspace, and Citrix Analytics, are not affected by this vulnerability.
Cloud Software Group has stated that all services hosted on their cloud infrastructure will be patched to mitigate this risk, requiring no action from customers using these cloud-based services.
How to Verify the Version
Check the Current Version :
Customers using the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are urged to install the recommended updates immediately to protect their systems from potential exploitation. The Cloud Software Group has made the necessary patches available for download.
Organizations using the affected Citrix and NetScaler products should take immediate action to safeguard their systems against this critical vulnerability.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability
Author: Guru BaranQualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).
This vulnerability, known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and affects glibc-based Linux systems.
The Cloud Software Group has confirmed that several of its products, including NetScaler ADC and NetScaler Gateway, are impacted.
The regreSSHion vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. This vulnerability affects OpenSSH’s default configuration and has significant implications for network security.
Affected Products and Recommendations
Cloud Software Group has urged customers using NetScaler ADC and NetScaler Gateway to update their systems immediately to the latest patched versions:
- NetScaler ADC and NetScaler Gateway 14.1-25.56 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-53.24 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.31 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP
Additionally, NetScaler Console (formerly Citrix ADM) is also impacted, and customers are advised to update to the following versions:
- NetScaler Console 14.1 Build 25.56 and later releases
- NetScaler Console 13.1 Build 53.24 and later releases of 13.1
- NetScaler Console 13.0 Build 92.31 and later releases of 13.0
The company is still investigating the potential impact on Citrix Endpoint Management and Citrix Secure Private Access.Other Citrix products, including Citrix Virtual Apps and Desktops, Citrix Workspace, and Citrix Analytics, are not affected by this vulnerability.
Cloud Software Group has stated that all services hosted on their cloud infrastructure will be patched to mitigate this risk, requiring no action from customers using these cloud-based services.
How to Verify the Version
Check the Current Version :
- Log in to your NetScaler ADC or Gateway.
- Navigate to the system information section to find the current software version.
Customers using the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are urged to install the recommended updates immediately to protect their systems from potential exploitation. The Cloud Software Group has made the necessary patches available for download.
Organizations using the affected Citrix and NetScaler products should take immediate action to safeguard their systems against this critical vulnerability.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
