Citrix quietly fixes a new critical vulnerability similar to Citrix Bleed

Citrix Bleed was assigned a CVSS rating of 9.4/10, making it a high-severity, critical information disclosure vulnerability. Much like this new vulnerability, Citrix Bleed was only exploitable when NetScaler ADC and Gateway devices were configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

What separates this bug from CVE-2023-4966 is that it is less able to expose highly sensitive data. “This bug is nearly identical to the Citrix Bleed vulnerability (CVE-2023-4966), except it is less likely to return highly sensitive information to an attacker,” the blog added.

Citrix silently patched the flaw

While the vulnerability has not been assigned a CVE ID, probably because Citrix has made no public disclosure about it until now, it was observed to be fixed in NetScaler version 13.1-51.15.

There is speculation that the company has silently addressed the issue without making any disclosure. Bishop Fox urged users to update to version 13.1-51.15 or later to remediate this vulnerability.
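An added example, not from the article or from Bishop Fox: a small inventory check that classifies a NetScaler build string against the fixed 13.1 build named above. It assumes the release-string form `13.1-51.15` and the first line of the appliance's `show ns version` output (`NetScaler NS13.1: Build 51.15.nc, ...`); only the 13.1 branch can be judged from what this page states, so other branches are reported as unknown.

```python
import re
from typing import Optional, Tuple

# Minimum fixed build on the 13.1 branch, as stated by Bishop Fox.
FIXED_13_1: Tuple[int, int, int, int] = (13, 1, 51, 15)

# Matches the release string "13.1-51.15" as well as the first line of
# `show ns version` ("NetScaler NS13.1: Build 51.15.nc, Date: ...").
# The CLI output format is an assumption, not something this page shows.
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<major>\d+)\.(?P<minor>\d+)[-:]\s*(?:Build\s+)?"
    r"(?P<build>\d+)\.(?P<rev>\d+)"
)


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, build, revision) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(m.group(g)) for g in ("major", "minor", "build", "rev"))


def is_patched(text: str) -> Optional[bool]:
    """True/False for 13.1 builds relative to 13.1-51.15.

    Returns None when the build cannot be judged from this page's fix
    information: another release branch, or input with no version in it.
    """
    version = parse_version(text)
    if version is None or version[:2] != FIXED_13_1[:2]:
        return None
    return version >= FIXED_13_1


if __name__ == "__main__":
    # Constructed sample inputs, as an inventory script might collect them.
    for sample in ("13.1-50.23", "13.1-51.15",
                   "NetScaler NS13.1: Build 51.15.nc, Date: Dec 1 2023, 12:00:00   (64-bit)",
                   "14.1-4.42"):
        print(f"{sample!r}: patched={is_patched(sample)}")
```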


“The vulnerability allows an attacker to recover potentially sensitive data from memory,” Bishop Fox added. “Although usually nothing of value is returned, we have observed instances where POST request bodies are leaked. These POST requests may contain credentials or cookies.” It is unclear whether Citrix had disclosed this vulnerability privately to its customers or had even acknowledged the issue raised by Bishop Fox as a vulnerability.
