Citrix, CISA & NCSC Warn Of Critical Bug In NetScaler Console
The flaw needs urgent patching, as it could grant attackers unauthorized access to sensitive data
Mihir Bagwe July 11, 2024
Security professionals and system administrators should prioritize patching a critical vulnerability in Citrix NetScaler Console, as recommended not only by the networking appliance manufacturer but also the U.S. Cybersecurity and Infrastructure Security Agency and the National Cyber Security Centre of Ireland.
The vulnerability, tracked as CVE-2024-6235, is found in the Citrix NetScaler Console, a cloud-based management tool for NetScaler appliances. Exploiting this flaw could grant attackers unauthorized access to sensitive data, posing a significant security risk.
The vulnerability scores 9.4 on the Common Vulnerability Scoring System (CVSS), which places it in the critical range. It stems from improper authentication controls within NetScaler Console, potentially allowing attackers with access to the console’s IP address to bypass security measures and steal sensitive information.
Versions of NetScaler Console 14.1 before 14.1-25.53 are impacted.
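A triage check for the affected range stated above, as an added example that is not from Citrix or the advisories: it assumes version strings in the `14.1-25.53` form used in this article, and the hostnames and inventory are constructed sample data. Branches other than 14.1 are flagged for review against the vendor advisory, since the article gives no range for them.

```python
import re

# Fixed build per the article: 14.1 releases before 14.1-25.53 are affected.
# Only the 14.1 branch is listed because the article gives no other range.
FIXED_BUILDS = {(14, 1): (25, 53)}

# Assumed format: <major>.<minor>-<build>.<sub>, as written in the article.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")


def triage(version: str) -> str:
    """Classify one NetScaler Console version string for CVE-2024-6235."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparsed"          # do not guess; send to a human
    major, minor, build, sub = map(int, m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "check-advisory"    # branch not covered by the article
    # Compare as integers: as strings, "14.1-8.50" sorts after "14.1-25.53"
    # and an old build would be reported as patched.
    return "affected" if (build, sub) < fixed else "fixed"


def triage_inventory(inventory: dict) -> dict:
    """Group hostnames by triage result."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(triage(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "console-a.example.internal": "14.1-25.53",
    "console-b.example.internal": "14.1-17.38",
    "console-c.example.internal": "14.1-8.50",
    "console-d.example.internal": "13.1-52.19",
    "console-e.example.internal": "unknown",
    "console-f.example.internal": "14.1-29.63",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```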
Both CISA and NCSC issued advisories urging immediate patching. CISA’s alert warns, “A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”
Patching Beyond NetScaler Console: Addressing Denial-of-Service Threats
The security updates address not only the critical authentication bypass vulnerability but also a high-severity denial-of-service (DoS) flaw within NetScaler Console that is tracked as CVE-2024-6236. This DoS vulnerability also exists in the NetScaler Agent and NetScaler Service Virtual Machine (SVM). The flaw allows attackers with access to any of these components’ IP addresses to launch DoS attacks, potentially disrupting critical services.
Citrix also addressed another high-severity DoS vulnerability (CVE-2024-5491) affecting NetScaler ADC and Gateway appliances.
Privilege Escalation Risk in Citrix Workspace App
The security updates encompass a high-severity vulnerability (CVE-2024-6286) within the Citrix Workspace app for Windows. This flaw could allow low-privileged attackers with local access to a system to escalate their privileges to SYSTEM level, granting them complete control over the system. This vulnerability impacts Citrix Workspace app versions before 2403.1 in the current release and versions before 2402 in the long-term service release.
NetScaler: A Repeated Target
This is not the first time NetScaler has been exploited by malicious actors. Last year, a critical-severity flaw, identified as CVE-2023-4966, in Citrix NetScaler ADC and Gateway appliances was leveraged to target professional services, technology, and government organizations. This previous flaw stemmed from an unauthenticated buffer overflow issue and could enable attackers to steal sensitive information.
Given NetScaler’s history as a target and the severity of the newly patched vulnerabilities, applying the security updates is paramount to maintaining a secure environment. Security professionals and system administrators should prioritize patching all affected Citrix products immediately.