Cloud Software Group Security Advisory for CVE-2024-6387
Cloud Software Group is aware of the vulnerability CVE-2024-6387 impacting OpenSSH. Qualys has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. Because this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006, it is being referred to as regreSSHion. The vulnerability has been assigned the CVE identifier CVE-2024-6387.
Please find below the impact status for the following Cloud Software Group products:
| NetScaler & Citrix Products | Status |
| --- | --- |
| NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) | Impacted. Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation: NetScaler ADC and NetScaler Gateway 14.1-25.56 and later releases; NetScaler ADC and NetScaler Gateway 13.1-53.24 and later releases of 13.1; NetScaler ADC and NetScaler Gateway 13.0-92.31 and later releases of 13.0; NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS; NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS; NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP |
| Citrix Analytics | Not Impacted | 
| Citrix Content Collaboration | Not Impacted | 
| Citrix Endpoint Management | Under investigation | 
| Citrix Secure Private Access | Under investigation | 
| Citrix Virtual Apps and Desktops | Not Impacted | 
| Citrix Workspace | Not Impacted | 
| NetScaler Console (formerly Citrix ADM) | Under investigation | 

| XenServer Products | Status |
| --- | --- |
| Citrix Hypervisor | Not Impacted | 
| XenServer 8 | Not Impacted | 
More information
https://support.citrix.com/article/CTX678072/cloud-software-group-security-advisory-for-cve20246387
For assistance from the Kraft Kennedy team, please contact us.