Cloud Software Group Confirms CVE-2024-6387 Exposure in NetScaler

Cloud Software Group has issued a security advisory warning customers of a critical vulnerability in OpenSSH, a widely used secure shell protocol. The vulnerability, tracked as CVE-2024-6387 and nicknamed “regreSSHion,” could allow unauthenticated attackers to execute arbitrary code with root privileges on affected systems.

The regreSSHion vulnerability stems from a signal handler race condition in the sshd service, which can be exploited to achieve remote code execution (RCE) with root privileges. This makes the vulnerability particularly severe, though it is reportedly difficult to exploit and requires multiple attempts to corrupt memory successfully.

Cloud Software Group has confirmed that several of its products, including NetScaler ADC, NetScaler Gateway, and NetScaler Console, are impacted by this vulnerability. Customers are strongly advised to apply the latest updates as soon as possible to mitigate the risk of exploitation.

Other products, such as Citrix Endpoint Management and Citrix Secure Private Access, are currently under investigation, while Citrix Virtual Apps and Desktops, Citrix Workspace, Citrix Analytics, Citrix Hypervisor, and XenServer 8 are not affected.

This week, Cloud Software Group published five other security advisories, with one rated as “Critical.”

The critical advisory addresses a sensitive information disclosure flaw CVE-2024-6235 found in NetScaler Console (formerly Citrix ADM), and a denial of service vulnerability CVE-2024-6236 affecting NetScaler Console, NetScaler SDX, and NetScaler Agent.

CVE-2024-6235 has been assigned a base score of 9.4 by the Common Vulnerability Scoring System (CVSSv4.0), while CVE-2024-6236 has been rated 7.1.

Additionally, advisories concerning the Citrix Workspace app for Windows, Citrix Virtual Apps and Desktops, Citrix DaaS, Virtual Delivery Agent for Windows, NetScaler ADC (formerly Citrix ADC), and NetScaler Gateway (formerly Citrix Gateway) have been classified as “High” in severity. The remaining two advisories are rated as “Medium.”