Critical vulnerabilities found in NetScaler ADC

Web application security specialists report the presence of a serious security flaw in Citrix NetSclaer/ADC that, if exploited, could allow an unauthenticated threat actor to perform arbitrary code execution on the target system.

The details revealed so far by Citrix are still minimal, although multiple web application security firms mention the identification of at least three components exposed to the exploitation of this flaw; the combination of the three vulnerable elements allows code execution attacks on the target NetScaler/ADC device.

Vulnerabilities allow threat actors to bypass a
security layer (or authorization restriction) for creating a file with
user-controlled content, which will then be processed using a server-side
scripting language. There may be other ways to perform arbitrary code
execution, so system administrators are advised to remain alert to new reports.

All supported product versions of Citrix ADC
(formerly NetScaler) and Citrix Gateway are affected, web application security
experts report. An attacker with access to the affected system’s web interface
could exploit the flaw to take control of the system, access private network
resources and perform many other malicious tasks by hijacking authenticated
user sessions or stealing credentials a user’s login.

The company recommends to its users the
implementation of a specific response policy to filter out possible
exploitation attempts. In addition, specialists at the International Institute of
Cyber Security (IICS) recommend that system administrators apply the
mitigations necessary to reduce the risk of exploitation while security updates
issued by the company are available.

Tripwire IP360 starting with ASPL-865 contains
remote heuristic detection of the vulnerable service. External attempts to
exploit this flaw will likely include HTTP requests with ‘/.. /’ and ‘/vpns/’
in the URL. This was noted in the mitigation steps suggested by Citrix.
Administrators should also watch for requests with custom headers that contain
walk patterns (for example, ‘/.. /’). 

To Top

Pin It on Pinterest

Share This