"Citrix Patches Critical NetScaler Console Vulnerability"
Cloud computing and virtualization software vendor Citrix recently released patches to fix multiple security vulnerabilities, including critical and high-severity issues, in its flagship NetScaler product line. The company noted that the most severe of these issues is CVE-2024-6235, an improper authorization bug that could allow attackers to access sensitive information. Citrix also fixed CVE-2024-6236, a buffer overflow bug in NetScaler Console, Agent, and SVM products that could be exploited to cause a denial-of-service (DoS) condition. Citrix recommends updating to NetScaler Console and NetScaler Agent versions 14.1-25.53, 13.1-53.22, and 13.0-92.31, and to NetScaler SVM versions 14.1-25.53, 13.1-53.17, and 13.0-92.31. The company noted that patches announced for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) address two high-severity flaws that could be exploited to cause a DoS condition and to redirect users to arbitrary websites. Citrix resolves both flaws with the release of NetScaler ADC and NetScaler Gateway versions 14.1-25.53, 13.1-53.17, and 13.0-92.31, and NetScaler ADC versions 13.1-FIPS 13.1-37.183, 12.1-FIPS 12.1-55.304, and 12.1-NDcPP 12.1-55.304. The company warned that NetScaler ADC and NetScaler Gateway version 12.1, which has been discontinued, are also vulnerable, urging customers to update to a supported version as soon as possible. Citrix does not mention any of these vulnerabilities being exploited in the wild but strongly recommends that customers update their appliances as soon as possible.
SecurityWeek reports: "Citrix Patches Critical NetScaler Console Vulnerability"