Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
7 résultats taggé netscaler  ✕
NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777 https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
02/07/2025 11:57:16
QRCode
archive.org
thumbnail

June 26, 2025 by Anil Shetty netscaler.com
Over the past two weeks, Cloud Software Group has released builds to address CVE-2025-6543 and CVE 2025-5777, which affect NetScaler ADC and NetScaler Gateway if they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR an Authentication Authorization and Auditing (“AAA”) virtual server. While both of the vulnerabilities involve the same modules, the exposures differ. CVE 2025-6543, if exploited, could lead to a memory overflow vulnerability, resulting in unintended control flow and Denial of Service. CVE 2025-5777 arises from insufficient input validation that leads to memory overread.

Some commentators have drawn comparisons between CVE 2025-5777 and CVE 2023-4966. While the vulnerabilities share some characteristics, Cloud Software Group has found no evidence to indicate that they are related.

The description of the vulnerability on the NIST website for CVE-2025-5777 initially erroneously identified NetScaler Management Interface as implicated in the vulnerability, but they subsequently updated the description to exclude it. The most accurate description of CVE 2025-5777 can be found in the Citrix security bulletin published on June 17, 2025.

Through our internal review process and by collaborating with customers, we identified the affected NetScaler ADC and NetScaler Gateway builds. CVE 2025-5777 only applies to customer-managed NetScaler ADC and NetScaler Gateway. Cloud Software Group upgrades Citrix-managed cloud services and Citrix-managed Adaptive Authentication with the necessary software updates. Please refer to the security bulletin for more details.

Citrix has signed CISA’s Secure by Design pledge, reinforcing our commitment to building security into every stage of the product lifecycle. As part of this pledge, we prioritize security by default, transparency, and accountability in how we manage vulnerabilities. Our Product Security Incident Response Team (PSIRT) follows industry standards to assess, address, and disclose vulnerabilities responsibly. We work closely with security researchers, government agencies and customers to ensure timely fixes and clear communication. Learn more about our responsible disclosure process at Citrix Vulnerability Response.

Additionally, there’s an issue related to authentication that you may observe after upgrading NetScaler to build 14.1 47.46 or 13.1 59.19. This can manifest as a “broken” login page, especially when using authentication methods like DUO configurations based on Radius authentication, SAML, or any Identity Provider (IDP) that relies on custom scripts. This behavior can be attributed to the Content Security Policy (CSP) header being enabled by default in this NetScaler build, especially when CSP was not enabled prior to the upgrade. For more information on this issue please refer to the KB article.

netscaler EN 2025 CVE-2025-6543 CVE-2025-5777 Critical vulnerabilty
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777
18/06/2025 09:15:12
QRCode
archive.org

Severity - Critical
Description of Problem

A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.
Affected Versions

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56
NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32
NetScaler ADC 13.1-FIPS and NDcPP  BEFORE 13.1-37.235-FIPS and NDcPP
NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS

Details

NetScaler ADC and NetScaler Gateway contain the vulnerabilities mentioned below:
CVE ID Description Pre-conditions CWE CVSSv4
CVE-2025-5349 Improper access control on the NetScaler Management Interface Access to NSIP, Cluster Management IP or local GSLB Site IP CWE-284: Improper Access Control

CVSS v4.0 Base Score: 8.7

(CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)
CVE-2025-5777 Insufficient input validation leading to memory overread NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server CWE-125: Out-of-bounds Read

CVSS v4.0 Base Score: 9.3

(CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)

support.citrix.com EN 2025 Critical vulnerability CVE-2025-5777 CVE-2025-5349 NetScaler ADC NetScaler Gateway Security-Bulletin
Citrix Denial of Service: Analysis of CVE-2024-8534 https://www.assetnote.io/resources/research/citrix-denial-of-service-analysis-of-cve-2024-8534
13/12/2024 08:28:16
QRCode
archive.org

An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.

assetnote EN 2024 CVE-2024-8534 analysis NetScaler Gateway ADC vulnerability
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-patch-netscaler-cve-2023-4966-bug-immediately/
25/10/2023 08:00:52
QRCode
archive.org
thumbnail

Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.

bleepingcomputer EN 2023 Citrix Netscaler Warning CVE-2023-4966 ADC GAteway
CVE-2023-4966: NetScaler Critical Security Update Now Available https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
25/10/2023 07:57:47
QRCode
archive.org
thumbnail

CVE-2023-4966 affects NetScaler ADC and NetScaler Gateway and, if exploited, could result in unauthorized data disclosure. Learn more.

NetScaler EN 2023 CVE-2023-4966 ADC
X-Force uncovers global NetScaler Gateway credential harvesting campaign https://securityintelligence.com/posts/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/
08/10/2023 13:16:54
QRCode
archive.org
thumbnail

In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.

securityintelligence EN 2023 NetScaler Gateway CVE-2023-3519 credential harvesting campaign
Released: Citrix ADC and Citrix Gateway (security bulletin CTX474995) security update https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
13/12/2022 16:15:44
QRCode
archive.org
thumbnail

Learn about security updates for versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway and get fixes for both (security bulletin CTX474995).

citrix EN 2022 citrix-adc citrix-gateway netscaler netscaler-gateway ctx474995 citrix-vulnerability citrix CVE-2022-27518
4477 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio