News
Attention to vulnerability of Citrix NetScaler(CTX232161, CTX234492/CTX230238, CTX230612)
Thank you for using NTT Communications Enterprise Cloud service.
The vulnerability (A.CTX232161 / B.CTX234492及びCTX230238 / C.CTX230612) of Citrix NetScaler which is provided as ECL2.0 Load Balancer menu is reported. ECL1.0 and ECL2.0 platforms carry no risk of this attack. If customers are using ECL2.0 Load Balancer (Citrix NetScaler VPX), please collect the latest information on vulnerability and if necessary take countermeasures against it appropriately.
Affected Version
Citrix_NetScaler_VPX_12.0-53.13_Standard_Edition
Citrix_NetScaler_VPX_11.0-67.12_Standard_Edition
Citrix_NetScaler_VPX_10.5-57.7_Standard_Edition
A.Vulnerability (CTX232161)
Impact of this vulnerability
Authenticated user can gain access to the nsroot account and execute commands with nsroot privileges.
For example, authenticated user can download arbitrary files, gain elevated privileges, send a specially crafted request to traverse the directory, and cause arbitrary scripting code to be executed by the target user’s browser.
Countermeasure
Please check whether access to the management interface (SNIP) is permitted only from a secure network.
If necessary, we recommend to disable administrative access with unnecessary management interfaces (1) and restrict source IP addresses to necessary management interface (2). Please note that Customer can not access NetScaler if Customer disable management access with all management interfaces.
(1) Disable management access to the management interface (SNIP)
* Communication towards VIP which accept the client request and transfer it to the backend servers is excluded
https://ecl.ntt.com/en/files/loadbalancer/20170927/citrix-netscaler-vulnerability-disable-mgmt-en.pdf
(2) Restrict management access to the management interface (SNIP)
https://ecl.ntt.com/en/files/loadbalancer/20170927/citrix-netscaler-vulnerability-acl-en.pdf
■Reference information (Citrix)
https://support.citrix.com/article/CTX232161
B.Vulnerability (CTX234492/CTX230238)
Impact of this vulnerability
If you communicate with SSL using RSA key exchange, attacker can exploit the appliance to decrypt TLS traffic.
Countermeasure
Limit Cipher Suite to be used to PFS(DHE/ECDHE).
Do not use Cipher Suite which does not include PFS(DHE/ECDHE).
Countermeasures for vulnerability(CTX234492/CTX230238) (PDF)
https://ecl.ntt.com/en/files/vulnerability/CTX234492_CTX230238.pdf
■Reference information (Citrix)
https://support.citrix.com/article/CTX234492
https://support.citrix.com/article/CTX230238
C.Vulnerability (CTX230612)
Impact of this vulnerability
If you use client certificate for authentication between NetScaler and real server, and use DHE key change with TLS connection, disclosure of clear text traffic through TLS handshake may happen.
Countermeasure
If you use client certificate for authentication between NetScaler and real server, please take one of the following countermeasures.
・Do not use Cipher Suiteof DHE.
・Stop using client certificate.
*If you do not use client certificate, no need to deal with this vulnerability.
Countermeasures for vulnerability (CTX230612)(PDF)
https://ecl.ntt.com/en/files/vulnerability/CTX230612.pdf
■Reference information (Citrix)
https://support.citrix.com/article/CTX230612