News

Attention to vulnerability of Citrix NetScaler(CTX232161, CTX234492/CTX230238, CTX230612)


Thank you for using NTT Communications Enterprise Cloud service.

The vulnerability (A.CTX232161 / B.CTX234492及びCTX230238 / C.CTX230612) of Citrix NetScaler which is provided as ECL2.0 Load Balancer menu is reported. ECL1.0 and ECL2.0 platforms carry no risk of this attack. If customers are using ECL2.0 Load Balancer (Citrix NetScaler VPX), please collect the latest information on vulnerability and if necessary take countermeasures against it appropriately.

Affected Version

Citrix_NetScaler_VPX_12.0-53.13_Standard_Edition

Citrix_NetScaler_VPX_11.0-67.12_Standard_Edition
Citrix_NetScaler_VPX_10.5-57.7_Standard_Edition

A.Vulnerability (CTX232161)

Impact of this vulnerability

Authenticated user can gain access to the nsroot account and execute commands with nsroot privileges.

For example, authenticated user can download arbitrary files, gain elevated privileges, send a specially crafted request to traverse the directory, and cause arbitrary scripting code to be executed by the target user’s browser.

Countermeasure

Please check whether access to the management interface (SNIP) is permitted only from a secure network.

If necessary, we recommend to disable administrative access with unnecessary management interfaces (1) and restrict source IP addresses to necessary management interface (2). Please note that Customer can not access NetScaler if Customer disable management access with all management interfaces.

 

(1) Disable management access to the management interface (SNIP)
* Communication towards VIP which accept the client request and transfer it to the backend servers is excluded
https://ecl.ntt.com/en/files/loadbalancer/20170927/citrix-netscaler-vulnerability-disable-mgmt-en.pdf

(2) Restrict management access to the management interface (SNIP)
https://ecl.ntt.com/en/files/loadbalancer/20170927/citrix-netscaler-vulnerability-acl-en.pdf

■Reference information (Citrix)
https://support.citrix.com/article/CTX232161

B.Vulnerability (CTX234492/CTX230238)

Impact of this vulnerability

If you communicate with SSL using RSA key exchange, attacker can exploit the appliance to decrypt TLS traffic.

Countermeasure

Limit Cipher Suite to be used to PFS(DHE/ECDHE).

Do not use Cipher Suite which does not include PFS(DHE/ECDHE).

Countermeasures for vulnerability(CTX234492/CTX230238) (PDF)

https://ecl.ntt.com/en/files/vulnerability/CTX234492_CTX230238.pdf

■Reference information (Citrix)
https://support.citrix.com/article/CTX234492

https://support.citrix.com/article/CTX230238

C.Vulnerability (CTX230612)

Impact of this vulnerability

If you use client certificate for authentication between NetScaler and real server, and use DHE key change with TLS connection, disclosure of clear text traffic through TLS handshake may happen.

Countermeasure

If you use client certificate for authentication between NetScaler and real server, please take one of the following countermeasures.

・Do not use Cipher Suiteof DHE.

・Stop using client certificate.

*If you do not use client certificate, no need to deal with this vulnerability.

Countermeasures for vulnerability (CTX230612)(PDF)

https://ecl.ntt.com/en/files/vulnerability/CTX230612.pdf

■Reference information (Citrix)
https://support.citrix.com/article/CTX230612