On November 12, 2024, Cloud Software Group released builds to fix CVE-2024-8534 and CVE-2024-8535, which affect NetScaler ADC and NetScaler Gateway. CVE-2024-8534 This vulnerability is a memory safety vulnerability, and successful exploitation can lead to memory corruption and denial of service. In order for this vulnerability to be exploited any of the following … [Read more...] about CVE-2024-8534 and CVE-2024-8535: High severity security updates for NetScaler ADC and NetScaler Gateway
Guidance on CVEs that may affect your NetScaler deployment
On July 9, 2024, NetScaler released builds to fix the following CVEs: Third-Party CVE: All five of these CVEs apply only to customer-managed instances of NetScaler. If you have NetScaler-managed infrastructure, such as NetScaler Console Service, you do not need to take any action. CVE-2024-6235 and CVE-2024-6236 CVE-2024-6235, identified as a critical … [Read more...] about Guidance on CVEs that may affect your NetScaler deployment
NetScaler is not impacted by the HTTP/2 CONTINUATION flood DoS vulnerability
On April 3, 2024, Bartek Nowotarski published a blog on HTTP/2 CONTINUATION flood that impacts multiple implementations of the HTTP/2 protocol. Please refer to this link for more details on the vulnerability. NetScaler is not impacted, and NetScaler software and platforms (SDX/MPX/VPX/BLX/CPX) are not vulnerable to the HTTP/2 CONTINUATION flood vulnerability that was … [Read more...] about NetScaler is not impacted by the HTTP/2 CONTINUATION flood DoS vulnerability
High-severity updates are available for NetScaler ADC and NetScaler Gateway
On January 16, 2024, Cloud Software Group released builds to fix CVE-2023-6548 and CVE-2023-6549, which affect NetScaler ADC and NetScaler Gateway. You can find more details in the security bulletin. These issues only apply to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication … [Read more...] about High-severity updates are available for NetScaler ADC and NetScaler Gateway
NetScaler investigation recommendations for CVE-2023-4966
On October 10, 2023, NetScaler published a security bulletin for CVE-2023-4966 — now dubbed by some as “CitrixBleed” — that affects customer-managed NetScaler ADC and NetScaler Gateway. This critical vulnerability was discovered by our internal team. At the time we published the security bulletin, we were unaware that this vulnerability had been exploited in the wild, and … [Read more...] about NetScaler investigation recommendations for CVE-2023-4966