https://ift.tt/prcPCqG How To Prepare For Your Virtual Doctor Visit To Get The Most From Your Consultation
https://ift.tt/prcPCqG How To Prepare For Your Virtual Doctor Visit To Get The Most From Your Consultation
- Get link
- X
- Other Apps
Les articles
- Get link
- X
- Other Apps
Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability Guru Baran
Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).
This vulnerability, known as regreSSHion, is a regression of the previously patched CVE-2006-5051 and affects glibc-based Linux systems.
The Cloud Software Group has confirmed that several of its products, including NetScaler ADC and NetScaler Gateway, are impacted.
The regreSSHion vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. This vulnerability affects OpenSSH’s default configuration and has significant implications for network security.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files
Affected Products and Recommendations
Cloud Software Group has urged customers using NetScaler ADC and NetScaler Gateway to update their systems immediately to the latest patched versions:
- NetScaler ADC and NetScaler Gateway 14.1-25.56 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-53.24 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.31 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP
Additionally, NetScaler Console (formerly Citrix ADM) is also impacted, and customers are advised to update to the following versions:
- NetScaler Console 14.1 Build 25.56 and later releases
- NetScaler Console 13.1 Build 53.24 and later releases of 13.1
- NetScaler Console 13.0 Build 92.31 and later releases of 13.0
The company is still investigating the potential impact on Citrix Endpoint Management and Citrix Secure Private Access. Other Citrix products, including Citrix Virtual Apps and Desktops, Citrix Workspace, and Citrix Analytics, are not affected by this vulnerability.
Cloud Software Group has stated that all services hosted on their cloud infrastructure will be patched to mitigate this risk, requiring no action from customers using these cloud-based services.
How to Verify the Version
Check the Current Version:
- Log in to your NetScaler ADC or Gateway.
- Navigate to the system information section to find the current software version.
Customers using the affected versions of NetScaler ADC, NetScaler Gateway, and NetScaler Console are urged to install the recommended updates immediately to protect their systems from potential exploitation. The Cloud Software Group has made the necessary patches available for download.
Organizations using the affected Citrix and NetScaler products should take immediate action to safeguard their systems against this critical vulnerability.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
The post Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability appeared first on Cyber Security News.
Comments
Post a Comment
Commenter vous !