Critical NetScaler ADC and Gateway Flaws Expose Systems to Remote Attacks

Cloud Software Group Addresses Critical Vulnerabilities in NetScaler Products

Cloud Software Group has issued a critical security bulletin addressing two significant vulnerabilities found in customer-managed deployments of NetScaler Application Delivery Controller (ADC) and Gateway. These flaws, identified as CVE-2026-3055 and CVE-2026-4368, pose serious risks to system integrity by allowing attackers to extract sensitive data from memory or gain unauthorized access to sessions.

Critical Memory Overread Flaw

The most severe vulnerability is tracked as CVE-2026-3055 and carries a critical CVSS v4.0 base score of 9.3. The flaw, which was discovered internally during routine security reviews, stems from insufficient input validation that leads to an out-of-bounds memory read. An attacker exploiting this weakness could potentially access sensitive information stored in the appliance’s memory.

To be vulnerable to this specific attack, the NetScaler ADC or Gateway must be configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP). If this configuration is not actively used, the appliance remains unexposed to this threat.

High Severity Session Mixup Vulnerability

The second vulnerability, CVE-2026-4368, carries a CVSS v4.0 score of 7.7 and is rooted in a race condition that can result in user session mixups, potentially misrouting active administrative or user sessions to the wrong individuals.

For an appliance to be exposed to this race condition, it must be actively configured as either an Authentication, Authorization, and Auditing (AAA) virtual server or as a Gateway. Specific Gateway configurations that introduce this risk include SSL VPN, ICA Proxy, Clientless VPN (CVPN), and RDP Proxy setups.

Affected Product Versions

According to Citrix, these vulnerabilities affect several supported builds of NetScaler products but only in customer-managed environments. The vendor automatically updates Citrix-managed cloud services and Adaptive Authentication, which are not impacted.

  • NetScaler ADC and Gateway:
      • 14.1 versions before 14.1-66.59 (CVE-2026-3055)
      • Version 14.1-66.54 specifically (CVE-2026-4368)
      • 13.1 versions before 13.1-62.23 (CVE-2026-3055)
  • FIPS and NDcPP Variants:
      • Versions before 13.1-37.262 (CVE-2026-3055)

Recommendations for System Administrators

Cloud Software Group recommends upgrading all impacted appliances to the latest patched releases immediately. The secured versions are 14.1-66.59, 13.1-62.23, and 13.1-37.262 for FIPS/NDcPP variants.

Administrators can verify if their current configurations expose them to these flaws by inspecting their NetScaler configuration files:

  • To confirm the SAML IdP profile is active, search for the string "add authentication samlIdPProfile .*".
  • To check for exposure to the session mixup vulnerability, search for "add authentication vserver .*" to identify AAA servers or "add vpn vserver .*" to locate active Gateway setups.
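The following is an added example, not code from the article or from Cloud Software Group. It combines the affected build ranges listed above with the configuration searches into a single triage check. The function names and the sample configuration are hypothetical, and the script assumes the appliance's build string and configuration text have already been collected.

```python
import re

# Fixed builds and affected ranges as listed in the article.
FIXED_3055 = {(14, 1): (66, 59), (13, 1): (62, 23)}
FIXED_3055_FIPS = ((13, 1), (37, 262))
ONLY_4368 = ((14, 1), (66, 54))

# Config strings the article says to search for.
CONFIG_PATTERNS = {
    "CVE-2026-3055": [r"add\s+authentication\s+samlIdPProfile\s+.*"],
    "CVE-2026-4368": [r"add\s+authentication\s+vserver\s+.*",
                      r"add\s+vpn\s+vserver\s+.*"],
}

def parse_build(build):
    """'14.1-66.54' -> ((14, 1), (66, 54))"""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)\.(\d+)", build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    a, b, c, d = map(int, m.groups())
    return (a, b), (c, d)

def version_affected(cve, build, fips=False):
    branch, rel = parse_build(build)
    if cve == "CVE-2026-4368":
        return not fips and (branch, rel) == ONLY_4368
    if fips:  # "versions before 13.1-37.262", compared as one tuple
        return (branch, rel) < FIXED_3055_FIPS
    # Branches the article does not list are reported as not affected.
    return branch in FIXED_3055 and rel < FIXED_3055[branch]

def config_exposed(cve, conf_text):
    lines = [l.strip() for l in conf_text.splitlines()]
    return any(re.match(p, l, re.IGNORECASE)
               for l in lines if not l.startswith("#")
               for p in CONFIG_PATTERNS[cve])

def triage(build, conf_text, fips=False):
    """True only when both the build and the configuration match."""
    return {cve: version_affected(cve, build, fips) and config_exposed(cve, conf_text)
            for cve in CONFIG_PATTERNS}

# Constructed sample configuration, not taken from a real appliance.
SAMPLE_CONF = """\
add authentication vserver aaa_vs SSL 0.0.0.0
add vpn vserver gw_vs SSL 203.0.113.10 443
add lb vserver web_vs HTTP 203.0.113.11 80
"""

if __name__ == "__main__":
    print(triage("14.1-66.54", SAMPLE_CONF))
```

A False result here only means the build and configuration do not match the ranges and strings in this article; the vendor bulletin remains the authoritative list.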

Original article: https://gbhackers.com/critical-netscaler-adc-and-gateway-flaws/