Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

Published: 23/11/2024   Category: security


The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe.



Citrix appears to have quietly addressed a vulnerability in its NetScaler Application Delivery Control (ADC) and Gateway appliances that gave remote, unauthenticated attackers a way to obtain potentially sensitive information from the memory of affected systems.
The bug was nearly identical to — but not as serious as — CitrixBleed (CVE-2023-4966), a critical zero-day vulnerability in the same two technologies that Citrix disclosed last year, according to researchers at Bishop Fox, who discovered and reported the flaw to Citrix in January.
Attackers exploited CitrixBleed widely to deploy ransomware, steal information, and for other malicious purposes. The Cybersecurity and Infrastructure Security Agency (CISA) was among many that urged affected organizations to quickly update their systems to patched versions of NetScaler, citing reports of widespread attacks that targeted the vulnerability. Boeing and Comcast Xfinity were among several major organizations that attackers targeted.
In contrast, the flaw that Bishop Fox discovered in January was less dangerous because attackers would have been less likely to retrieve any information of high value from a vulnerable system with it. Even so, the bug, in NetScaler version 13.1-50.23, did leave the door open for an attacker to occasionally capture sensitive information, including HTTP request bodies from the process memory of affected appliances, Bishop Fox said.
The company also said Citrix acknowledged its vulnerability disclosure on Feb. 1. But Citrix did not assign the flaw a CVE identifier because it had already addressed the issue in NetScaler version 13.1-51.15, prior to disclosure, Bishop Fox said. It's not clear if Citrix privately disclosed the vulnerability to customers at any time, or if it even considered the issue that Bishop Fox raised as a vulnerability. Bishop Fox itself said there's been no public disclosure of the flaw until now.
Citrix did not respond immediately to a Dark Reading request for clarification on when, or if, the company disclosed the flaw prior to addressing it in version 13.1-51.15.
In a blog post this week, Bishop Fox identified the vulnerability it discovered as an unauthenticated out-of-bounds memory issue, a class of bug that allows an attacker to access memory locations beyond the intended boundaries of a program. Bishop Fox said its researchers exploited the vulnerability to capture sensitive information, including HTTP request bodies from an affected appliance's memory. The blog post read, "This could potentially allow attackers to obtain credentials submitted by users logging in to NetScaler ADC and Gateway appliances, or cryptographic material used by the appliance."
As with CitrixBleed, the flaw that Bishop Fox discovered affected NetScaler components when used for remote access and as authentication, authorization, and auditing (AAA) servers. Specifically, the security vendor found the Gateway and AAA virtual server to be handling HTTP Host request headers in an unsafe manner, which was the same underlying cause for CitrixBleed. The company's proof-of-concept code demonstrated how a remote adversary could exploit the vulnerability to retrieve potentially useful information for an attack.
Bishop Fox staff analyzed vulnerable Citrix deployments and observed instances where the disclosed memory contained data from HTTP requests, sometimes including POST request bodies, the company noted. Bishop Fox recommended that organizations running the affected NetScaler version upgrade to Version 13.1-51.15 or beyond.
