
Citrix has warned of two vulnerabilities in NetScaler ADC and NetScaler Gateway, products that provide application delivery and security services. Depending on the flaw, an attacker could disrupt service or gain unauthorized access to sensitive information.
The first vulnerability, tracked as CVE-2024-8534 with a CVSS v4.0 score of 8.4, is a memory safety vulnerability that could lead to memory corruption and denial of service. An attacker could exploit it by sending a specially crafted request to the affected appliance, potentially causing it to crash or become unavailable.
The second vulnerability, tracked as CVE-2024-8535 with a CVSS v4.0 score of 5.8, is an authentication bypass that allows an authenticated user to access unintended capabilities. An attacker with a valid account could use it to reach data or functionality outside the scope they are authorized for.
The vulnerabilities affect the following supported versions of NetScaler ADC and NetScaler Gateway:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-29.72
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-55.34
- NetScaler ADC 13.1-FIPS BEFORE 13.1-37.207
- NetScaler ADC 12.1-FIPS BEFORE 12.1-55.321
- NetScaler ADC 12.1-NDcPP BEFORE 12.1-55.321
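The version table above is easy to misread when an appliance runs a FIPS or NDcPP train, because those trains have their own fixed builds. As an added example (not code from Citrix or from the original article), the following Python script turns the table into a check that can be run against the first line of `show ns version` output. The output format matched by the regex is assumed from typical NetScaler CLI output, and the sample strings are constructed, not captured from real appliances. The variant (standard, FIPS or NDcPP) has to be supplied by the operator: a 13.1 FIPS appliance reports a 37.x build, and comparing that against the standard 13.1 fix (55.34) would wrongly flag a patched box as vulnerable.

```python
import re
from typing import Dict, Tuple

# Fixed builds from the Citrix advisory for CVE-2024-8534 / CVE-2024-8535,
# keyed by (release train, variant). A build is fixed if it is >= this value.
FIXED_BUILDS: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("14.1", "standard"): (29, 72),
    ("13.1", "standard"): (55, 34),
    ("13.1", "FIPS"): (37, 207),
    ("12.1", "FIPS"): (55, 321),
    ("12.1", "NDcPP"): (55, 321),
}

# Matches the first line of `show ns version`, e.g.
# "NetScaler NS14.1: Build 29.72.nc, Date: ..." (format assumed from typical output).
VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")


def parse_version(show_version_output: str) -> Tuple[str, Tuple[int, int]]:
    """Return (train, (build_major, build_minor)) parsed from `show ns version` output."""
    m = VERSION_RE.search(show_version_output)
    if not m:
        raise ValueError("unrecognised NetScaler version string")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(show_version_output: str, variant: str = "standard") -> str:
    """
    Classify an appliance as 'vulnerable', 'fixed' or 'unlisted'.

    `variant` is "standard", "FIPS" or "NDcPP" and must be supplied by the
    operator; the version string alone does not say which train is running.
    """
    train, build = parse_version(show_version_output)
    fixed = FIXED_BUILDS.get((train, variant))
    if fixed is None:
        # Train/variant not in the advisory's table (e.g. an unsupported train):
        # the script cannot decide, so hand it to a human.
        return "unlisted"
    # Tuple comparison orders (55, 34) above (55, 3) and (37, 207) below (55, 34),
    # which is why the variant lookup above is needed rather than a bare compare.
    return "vulnerable" if build < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real appliances.
    samples = [
        ("NetScaler NS14.1: Build 29.72.nc", "standard"),  # fixed
        ("NetScaler NS14.1: Build 25.53.nc", "standard"),  # vulnerable
        ("NetScaler NS13.1: Build 37.207.nc", "FIPS"),     # fixed (FIPS train)
        ("NetScaler NS13.1: Build 37.207.nc", "standard"), # misclassified if variant is wrong
        ("NetScaler NS13.0: Build 92.21.nc", "standard"),  # not in the advisory table
    ]
    for out, variant in samples:
        print(f"{out:<36} {variant:<9} -> {assess(out, variant)}")
```

The fourth sample shows the trap: the same 13.1-37.207 build is reported as fixed when the operator states it is a FIPS appliance and as vulnerable when it is mistakenly compared against the standard train, so the variant should come from inventory, not be guessed from the build number.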
Customers who are using Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not affected by these vulnerabilities and do not need to take any action.
Citrix has released updated versions of NetScaler ADC and NetScaler Gateway that address these vulnerabilities. Customers are strongly encouraged to install the relevant updates as soon as possible. The list above covers only supported versions; appliances on end-of-life trains such as 12.1 (non-FIPS/NDcPP) and 13.0 are not covered by these fixes and should be upgraded to a supported release that contains them.
Organizations that use NetScaler ADC or NetScaler Gateway are encouraged to consult the Citrix security bulletin for the full list of affected builds and any configuration prerequisites.