
WARNING: A CRITICAL VULNERABILITY AFFECTS CITRIX NETSCALER CONSOLE

Reference: 
Advisory #2024-108
Version: 
1.0
Affected software: 
Citrix NetScaler Console 14.1 before 14.1-25.53
Type: 
Sensitive information disclosure due to improper authentication mechanism
CVE/CVSS: 

CVE-2024-6235
CVSSv4 9.4 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

Risks

Citrix NetScaler functions as an API gateway that manages and secures API traffic and supports advanced API management features such as rate limiting, authentication, and authorization. It also optimizes traffic, directs new and existing traffic to test targets, and performs SSL offloading to accelerate performance.

The present sensitive information disclosure vulnerability has a HIGH impact on Confidentiality, Integrity and Availability.

Description

CVE-2024-6235: Sensitive information disclosure due to improper authentication mechanism.

An attacker can gain unauthorized access to confidential data, potentially exposing trade secrets, customer information, or other sensitive assets.

At this point in time there is no additional publicly available information on how to exploit this vulnerability.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.

To upgrade/update Citrix NetScaler Console, follow the steps outlined here
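A small triage helper for the affected range stated above, added here as an example (it is not part of the CCB advisory or of any Citrix tooling). It assumes NetScaler Console builds are reported in the `14.1-25.53` form used in this advisory; the inventory hostnames and builds are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Threshold taken from the advisory: 14.1 builds before 14.1-25.53 are affected.
FIXED_BUILD = "14.1-25.53"

# Assumed format: <major>.<minor>-<build>.<sub>, e.g. "14.1-25.53".
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(build: str) -> Tuple[int, int, int, int]:
    """Turn a build string such as '14.1-25.53' into a comparable tuple of ints."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler Console build string: {build!r}")
    major, minor, b1, b2 = (int(x) for x in m.groups())
    return major, minor, b1, b2


def is_affected(build: str) -> Optional[bool]:
    """True if the build is in the range this advisory covers (14.1 before 14.1-25.53),
    False if it is on the 14.1 branch at or above the fixed build, and None when the
    release branch is not covered by this advisory (check the vendor bulletin instead)."""
    major, minor, b1, b2 = parse_build(build)
    fmajor, fminor, fb1, fb2 = parse_build(FIXED_BUILD)
    if (major, minor) != (fmajor, fminor):
        return None
    return (b1, b2) < (fb1, fb2)


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split an inventory {hostname: build} into hosts needing the patch and hosts
    on a branch this advisory does not cover."""
    needs_patch = [h for h, b in inventory.items() if is_affected(b) is True]
    out_of_scope = [h for h, b in inventory.items() if is_affected(b) is None]
    return needs_patch, out_of_scope


# Constructed sample inventory for illustration only (not real hosts).
SAMPLE_INVENTORY = {
    "adm-console-01": "14.1-21.57",  # affected: 14.1 branch, below the fixed build
    "adm-console-02": "14.1-25.53",  # exactly the fixed build: not affected
    "adm-console-03": "14.1-25.56",  # newer than the fixed build: not affected
    "adm-console-04": "13.1-53.17",  # other branch: outside this advisory's scope
}

if __name__ == "__main__":
    patch, unknown = triage(SAMPLE_INVENTORY)
    print("needs patch:", patch)
    print("not covered by this advisory:", unknown)
```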

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References