Citrix Resolves High-Risk Flaw in NetScaler Servers Similar to Past CitrixBleed Vulnerability

May 7, 2024

Citrix has reportedly fixed a high-risk vulnerability in its NetScaler Application Delivery Control (ADC) and Gateway appliances. This vulnerability could have given remote, unauthenticated attackers the ability to extract potentially sensitive data from the memory of the systems affected.

The flaw, discovered and reported by security researchers at Bishop Fox in January, bears a striking resemblance to the CitrixBleed flaw (CVE-2023-4966) that Citrix disclosed last year. However, the recent flaw is not as serious as CitrixBleed, which was widely exploited by attackers to deploy ransomware, steal information, and for other malicious activities.

The Cybersecurity and Infrastructure Security Agency (CISA) had urged organizations affected by CitrixBleed to update their systems promptly, citing reports of widespread attacks exploiting the vulnerability. Major organizations like Boeing and Comcast Xfinity were among the targets of these attacks.

The flaw discovered by Bishop Fox in January was less threatening, as it was less likely to yield high-value information from a vulnerable system. However, the bug, found in NetScaler version 13.1-50.23, did give an attacker the opportunity to occasionally capture sensitive data, including HTTP request bodies, from the memory of the affected appliances.

Citrix acknowledged the vulnerability disclosure on February 1, according to Bishop Fox. However, Citrix did not assign a CVE identifier to the flaw as it had already addressed the issue in NetScaler version 13.1-51.15, before the disclosure. It remains uncertain whether Citrix privately communicated the vulnerability to customers or even recognized the issue raised by Bishop Fox as a vulnerability.

Bishop Fox identified the vulnerability as an unauthenticated out-of-bounds memory issue, a class of bug that lets an attacker access memory locations beyond a program's intended boundaries. The security firm's researchers exploited the vulnerability to capture sensitive data, including HTTP request bodies, from an affected appliance's memory.

The flaw discovered by Bishop Fox impacted NetScaler components when used for remote access and as authentication, authorization, and auditing (AAA) servers. The security firm found that the Gateway and AAA virtual servers handled the HTTP Host request header in an unsafe manner, the same underlying cause as CitrixBleed.

Bishop Fox's proof-of-concept code showed how a remote adversary could exploit the vulnerability to retrieve potentially useful information for an attack. The company advised organizations using the affected NetScaler version to upgrade to Version 13.1-51.15 or later.
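Checking whether a deployed build falls under that advice means comparing NetScaler build strings correctly. The following is an added defender-side example, not code from the article or from Bishop Fox; it uses only the two builds named above (13.1-50.23 affected, 13.1-51.15 fixed) and reports any other release branch as unknown rather than guessing. The `NS13.1: Build 51.15.nc` form it also accepts is an assumption about the `show ns version` CLI output.

```python
import re
from typing import Optional, Tuple

# Builds named in the article: where Bishop Fox found the bug, and where Citrix fixed it.
AFFECTED_BUILD = "13.1-50.23"
FIXED_BUILD = "13.1-51.15"

# Advisory-style form "13.1-51.15" and (assumed) CLI form "NetScaler NS13.1: Build 51.15.nc".
_ADVISORY_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")
_CLI_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_build(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, build, sub) as integers, or None if no build is found."""
    m = _ADVISORY_RE.match(text.strip()) or _CLI_RE.search(text)
    if not m:
        return None
    major, minor, build, sub = (int(g) for g in m.groups())
    return (major, minor, build, sub)


def assess(text: str) -> str:
    """Classify a build string as 'fixed', 'not fixed' or 'unknown'.

    Only the 13.1 branch is covered by the article, so any other major.minor
    branch (e.g. 13.0 or 14.1) is reported as 'unknown' instead of being guessed.
    Numeric tuple comparison avoids the string-ordering trap where "13.1-9.x"
    would sort after "13.1-51.15".
    """
    v = parse_build(text)
    fixed = parse_build(FIXED_BUILD)
    if v is None or fixed is None or v[:2] != fixed[:2]:
        return "unknown"
    return "fixed" if v >= fixed else "not fixed"


if __name__ == "__main__":
    # Constructed sample inputs, including one in the assumed CLI format.
    for sample in (AFFECTED_BUILD, FIXED_BUILD, "13.1-52.19",
                   "NetScaler NS13.1: Build 50.23.nc, Date: Jan 1 2024", "14.1-12.35"):
        print(f"{sample!r}: {assess(sample)}")
```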
