Trouble comes in threes
A horrible week for sysadmins has been capped by the discovery of multiple vulnerabilities in networking security products from Citrix.
Citrix yesterday issued patches for 11 security bugs affecting its Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition networking products.
The flaws are comparable to recently disclosed vulnerabilities in enterprise-grade networking security appliances from Palo Alto and F5’s BIG-IP application delivery controller, the latter of which has become the target of active attack over recent days.
Successful exploitation of the flaws addressed by Citrix this week might result in temporary denial of service (i.e. crashing devices), information disclosure, local privilege elevation, or potentially worse.
The network giant argues that, in practice, a potential attacker would have to overcome various barriers in order to have any chance of mounting a successful attack.
Simply following Citrix’s recommended installation advice considerably lowers the scope for mischief.
Citrix said none of the latest flaws have become the target for exploitation, adding that it has patched all 11 issues.
Citrix ADC and Citrix Gateway were formerly known as NetScaler ADC and NetScaler Gateway, respectively.