CTX677998

by | Jul 9, 2024 | ALARM, ctx_adc

NetScaler Console, Agent and SVM Security Bulletin for CVE-2024-6235 and CVE-2024-6236

Security Bulletin | Severity: Critical | Created: 09 Jul 2024 | Modified: 09 Jul 2024 | Status: Final

Applicable Products

  • Citrix Application Delivery Management

Description of Problem

Two vulnerabilities have been discovered in NetScaler Console (formerly NetScaler ADM), NetScaler SVM, and NetScaler Agent. Refer to below for further details: 

Affected Versions

The following supported version of NetScaler Console (formerly NetScaler ADM) is affected by CVE-2024-6235: 

  • NetScaler Console 14.1 before 14.1-25.53

The following supported versions of NetScaler Console, NetScaler Agent and NetScaler SVM are affected by CVE-2024-6236: 

  • NetScaler Console 14.1 before 14.1-25.53
  • NetScaler Console 13.1 before 13.1-53.22
  • NetScaler Console 13.0 before 13.0-92.31
  • NetScaler SVM 14.1 before 14.1-25.53
  • NetScaler SVM 13.1 before 13.1-53.17
  • NetScaler SVM 13.0 before 13.0-92.31
  • NetScaler Agent 14.1 before 14.1-25.53
  • NetScaler Agent 13.1 before 13.1-53.22
  • NetScaler Agent 13.0 before 13.0-92.31

This bulletin only applies to the customer-managed NetScaler Console. Customers using Citrix-managed NetScaler Console Service do not need to take any action.

Summary

NetScaler Console contains the vulnerabilities mentioned below 

CVE ID          DescriptionPre-requisitesAffected Products    CWECVSS
CVE-2024-6235Sensitive information disclosureAccess to NetScaler Console IPNetScaler ConsoleCWE-287: Improper AuthenticationCVSS v4.0 Base Score: 9.4(CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) 
CVE-2024-6236Denial of ServiceAccess to NetScaler Console IP, NetScaler Agent IP, SVM IP NetScaler Console, NetScaler Agent, NetScaler SVMCWE-119: Improper Restriction of Operations within the Bounds of a Memory BufferCVSS v4.0 Base Score: 7.1(CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

What Customers Should Do

Cloud Software Group strongly urges customers of NetScaler Console to install the relevant updated versions of NetScaler Console as soon as possible: 

  • NetScaler Console 14.1-25.53 and later releases of 14.1
  • NetScaler Console  13.1-53.22 and later releases of 13.1
  • NetScaler Console  13.0-92.31 and later releases of 13.0
  • NetScaler SVM 14.1-25.53 and later releases of 14.1
  • NetScaler SVM 13.1-53.17 and later releases of 13.1
  • NetScaler SVM 13.0-92.31 and later releases of 13.0
  • NetScaler Agent 14.1-25.53and later releases of 14.1
  • NetScaler Agent  13.1-53.22 and later releases of 13.1
  • NetScaler Agent 13.0-92.31and later releases of 13.0

Bleiben Sie immer aktuell informiert!

Wenn Sie sich in unsere Mailingliste eintragen, werden Sie zukünftig direkt informiert, sobald ein Alarm oder eine Information erstellt wird. Verpassen Sie keine sicherheitskritischen Meldungen mehr und abonnieren den Newsletter noch heute.

Invalid email address
Bitte wählen Sie Ihre Kategorie(n).
Citrix
Nutanix
Weitere
Wir versprechen, Sie nicht zuzuspammen. Sie können sich jederzeit wieder abmelden.