Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

May 6, 2024 at 08:20PM

Citrix quietly addressed a vulnerability in its NetScaler ADC and Gateway appliances that resembles “CitrixBleed” but is less serious. The flaw allowed attackers to occasionally capture sensitive information, yet Citrix did not assign it a CVE identifier. Bishop Fox reported the issue to Citrix in January and is urging affected organizations to update their systems, recommending an upgrade to NetScaler version 13.1-51.15 or later.

1. Citrix has addressed a vulnerability in its NetScaler Application Delivery Controller (ADC) and Gateway appliances that allowed remote, unauthenticated attackers to obtain sensitive information from the memory of affected systems.
2. The vulnerability, identified by Bishop Fox, is less serious than the earlier “CitrixBleed” (CVE-2023-4966) but still allowed attackers to occasionally capture sensitive information, including HTTP request bodies, from the process memory of affected appliances.
3. Citrix had already fixed the issue in NetScaler version 13.1-51.15 before Bishop Fox publicly disclosed the vulnerability. It is not clear whether Citrix privately disclosed the vulnerability to customers.
4. The vulnerability is an out-of-bounds memory read reachable without authentication; the leaked memory could include credentials submitted by users logging in to NetScaler ADC and Gateway appliances, or cryptographic material used by the appliance.
5. The vulnerability affected NetScaler components when used for remote access and as authentication, authorization, and auditing (AAA) servers. Bishop Fox recommends that organizations running the affected NetScaler versions upgrade to version 13.1-51.15 or later.
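As an added example (not code from the article, Citrix or Bishop Fox), a small Python triage helper that parses NetScaler version strings in the `13.1-51.15` format and flags 13.1 appliances running a build below the fixed one. The hostnames and inventory lines are constructed, and appliances on other release branches are reported as unknown because the article names a fixed build only for 13.1.

```python
import re
from typing import Optional

# Fixed build named in the article: NetScaler 13.1-51.15 (Bishop Fox's recommendation).
FIXED_BRANCH = (13, 1)
FIXED_BUILD = (51, 15)

# NetScaler version strings look like "13.1-51.15": <major>.<minor>-<build>.<revision>
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(version: str):
    """Split '13.1-51.15' into ((13, 1), (51, 15)); raise on anything else."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    major, minor, build, rev = (int(x) for x in m.groups())
    return (major, minor), (build, rev)


def needs_upgrade(version: str) -> Optional[bool]:
    """True if a 13.1 build is below 13.1-51.15, False if at or above it,
    None for other release branches (the article gives no fixed build for them)."""
    branch, build = parse_version(version)
    if branch != FIXED_BRANCH:
        return None
    return build < FIXED_BUILD  # tuple comparison: (49, 13) < (51, 15)


# Constructed inventory (hypothetical hostnames and versions) for demonstration.
INVENTORY = """\
ns-gw-01 13.1-49.13
ns-gw-02 13.1-51.15
ns-aaa-01 13.1-52.19
ns-lab-01 14.1-12.35
"""


def triage(inventory: str) -> dict:
    """Map each appliance name to 'upgrade', 'ok' or 'unknown-branch'."""
    labels = {True: "upgrade", False: "ok", None: "unknown-branch"}
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = line.split()
        result[host] = labels[needs_upgrade(version)]
    return result


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```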
