• Insights

Cloud Software Group Security Advisory for CVE-2024-6387

Jeff Silverman

< 1 min read

All Insights

Cloud Software Group Security Advisory for CVE-2024-6387

Cloud Software Group is aware of the vulnerability CVE-2024-6387 impacting OpenSSH. Qualys has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. Because this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006, it is being referred to as regreSSHion. The vulnerability has been assigned the CVE identifier CVE-2024-6387.

Please find below the impact status for the following Cloud Software Group products:

 
NetScaler & Citrix Products Status
NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway)

Impacted

Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation

NetScaler ADCand NetScaler Gateway 14.1-25.56 and later releases

NetScaler ADCand NetScaler Gateway 13.1-53.24 and later releases of 13.1

NetScaler ADCand NetScaler Gateway 13.0-92.31 and later releases of 13.0

NetScaler ADC 13.1-FIPS 13.1-37.190 and later releases of 13.1-FIPS

NetScaler ADC 12.1-FIPS 12.1-55.309 and later releases of 12.1-FIPS

NetScaler ADC 12.1-NDcPP 12.1-55.309 and later releases of 12.1-NDcPP

Citrix Analytics Not Impacted
Citrix Content Collaboration Not Impacted
Citrix Endpoint Management Under investigation
Citrix Secure Private Access Under investigation
Citrix Virtual Apps and Desktops Not Impacted
Citrix Workspace Not Impacted
NetScaler Console (formerly Citrix ADM) Under investigation
XenServer Products Status
Citrix Hypervisor Not Impacted
XenServer 8 Not Impacted
More information

https://support.citrix.com/article/CTX678072/cloud-software-group-security-advisory-for-cve20246387

For assistance from the Kraft Kennedy team, please contact us.