WARNING: A CRITICAL VULNERABILITY AFFECTS CITRIX NETSCALER CONSOLE
CVE-2024-6235
CVSSv4 9.4 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
Sources
Risks
Citrix NetScaler functions as an API gateway that manages and secures API traffic and supports advanced API management features such as rate limiting, authentication, and authorization. It also optimizes traffic, directing new and existing traffic according to target testing, and uses SSL offloading to accelerate performance.
The present sensitive information disclosure vulnerability has a HIGH impact on Confidentiality, Integrity and Availability.
Description
CVE-2024-6235: Sensitive information disclosure due to improper authentication mechanism.
An attacker can gain unauthorized access to confidential data, potentially exposing trade secrets, customer information, or other sensitive assets.
At this point in time there is no additional publicly available information on how to exploit this vulnerability.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.
To upgrade/update Citrix NetScaler Console follow the steps outlined here.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.