Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Citrix NetScaler ADC and Gateway Memory Overread Vulnerability

Vulnerability

A memory overread vulnerability has been identified in Citrix NetScaler ADC and NetScaler Gateway. The issue arises from insufficient input validation on the NetScaler Management Interface. It is present in NetScaler ADC and NetScaler Gateway versions 14.1 prior to 14.1-43.56 and 13.1 prior to 13.1-58.32, as well as specific FIPS and NDcPP builds. The vulnerability affects customer-managed instances of NetScaler ADC and NetScaler Gateway, including Secure Private Access on-premises or hybrid deployments that use NetScaler instances.

Impact

Exploitation of this vulnerability leads to a memory overread, which can potentially be used to disclose sensitive information or cause a denial-of-service condition.

Remediation

Affected customers are advised to upgrade to NetScaler ADC and NetScaler Gateway versions 14.1-43.56, 13.1-58.32, 13.1-37.235 (FIPS and NDcPP), or 12.1-55.328 (FIPS). After upgrading, it is recommended to terminate all active ICA and PCoIP sessions.
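A small version checker that encodes the fixed builds listed above, added here as an example and not a Citrix-provided tool. It assumes version strings in the advisory's own form (train-build.minor with an optional -FIPS or -NDcPP suffix), tolerates an optional "NS" prefix and ".nc" suffix, and returns None for release trains the advisory does not cover rather than guessing.

```python
import re
from typing import Optional, Tuple

# First fixed build per release train, taken from the remediation section.
# Key: (train, hardened) where hardened means a FIPS or NDcPP build.
FIXED_BUILDS = {
    ("14.1", False): (43, 56),
    ("13.1", False): (58, 32),
    ("13.1", True): (37, 235),   # 13.1-FIPS and 13.1-NDcPP
    ("12.1", True): (55, 328),   # 12.1-FIPS
}

# Assumed input format: optional "NS" prefix, train, build.minor,
# optional ".nc" suffix, optional -FIPS / -NDcPP variant marker.
VERSION_RE = re.compile(
    r"^(?:NS)?(\d+\.\d+)[- ](\d+)\.(\d+)(?:\.nc)?(?:-(FIPS|NDcPP))?$",
    re.IGNORECASE,
)


def parse_version(version: str) -> Optional[Tuple[str, Tuple[int, int], bool]]:
    """Return (train, (build, minor), hardened) or None if unparseable."""
    match = VERSION_RE.match(version.strip())
    if not match:
        return None
    train, build, minor, variant = match.groups()
    return train, (int(build), int(minor)), variant is not None


def is_affected(version: str) -> Optional[bool]:
    """True if below the fixed build for its train, False if at or above it,
    None if the string is unparseable or the train is not in the advisory."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    train, build, hardened = parsed
    fixed = FIXED_BUILDS.get((train, hardened))
    if fixed is None:
        return None          # e.g. non-FIPS 12.1: not covered by this advisory
    return build < fixed     # tuple comparison handles build vs. minor ordering


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["14.1-43.50", "14.1-43.56", "13.1-37.200-FIPS", "12.1-55.328"]:
        print(f"{v}: affected={is_affected(v)}")
```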

Added: Jun 17, 2025, 1:17 PM
Updated: Jul 10, 2025, 4:45 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 9.3
remediation: 8.3
relevance: 0.2
threat: 9.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.