Citrix NetScaler ADC
cpe:2.3:o:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*, +2 more
- >= 14.1, < 14.1-47.48
- >= 13.1, < 13.1-59.22
- >= 13.1-FIPS, < 13.1-37.241-FIPS
- >= 12.1-FIPS, < 12.1-55.330-FIPS
This vulnerability is being actively exploited in the wild.
A memory overflow vulnerability has been identified in Citrix NetScaler ADC and NetScaler Gateway. This vulnerability can cause unpredictable or erroneous behavior, leading to a denial-of-service condition. It occurs when NetScaler is configured as a Gateway with a PCoIP Profile bound to it.
Exploitation of this vulnerability can cause a denial-of-service condition, disrupting normal service operations.
This vulnerability requires NetScaler to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it. To check whether an appliance meets this condition, inspect the NetScaler configuration for a VPN virtual server with a PCoIP profile.
Affected customers should upgrade NetScaler ADC and NetScaler Gateway to version 14.1-47.48 or later, 13.1-59.22 or later, or, for 12.1-FIPS and 12.1-NDcPP, 12.1-55.330 or later. NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life and no longer supported.
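An added example (not from Citrix or from this page) that checks both conditions described above: whether a build falls in one of the affected ranges listed here, and whether a saved `ns.conf` contains a VPN virtual server with a PCoIP profile. It assumes the profile is bound through the `-pcoipVserverProfileName` parameter and that versions are written as `13.1-58.32`; the function names and the sample configuration are constructed for illustration.

```python
import re

# Fixed builds per release train, from the affected-version list on this page.
FIXED = {("14.1", False): (47, 48), ("13.1", False): (59, 22),
         ("13.1", True): (37, 241), ("12.1", True): (55, 330)}  # True = FIPS

# Assumption: a PCoIP profile is bound to a gateway with the vpn vserver
# parameter -pcoipVserverProfileName, on an "add" or a later "set" line.
PCOIP_RE = re.compile(
    r'^\s*(?:add|set)\s+vpn\s+vserver\s+("[^"]+"|\S+)\s.*?'
    r'-pcoipVserverProfileName\s+("[^"]+"|\S+)', re.IGNORECASE)

# Constructed sample configuration (not taken from a real appliance).
SAMPLE_NS_CONF = """\
add vpn vserver gw_pcoip SSL 203.0.113.10 443 -pcoipVserverProfileName pcoip_vs_prof
add vpn vserver gw_plain SSL 203.0.113.11 443
add lb vserver web HTTP 203.0.113.12 80
"""

def parse_build(version):
    """Split '13.1-58.32' into ('13.1', (58, 32)); raise ValueError otherwise."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def version_affected(version, fips=False):
    """True/False for trains listed on this page, None for any other train."""
    train, build = parse_build(version)
    fixed = FIXED.get((train, fips))
    return None if fixed is None else build < fixed

def pcoip_gateways(ns_conf):
    """Return {vserver name: profile name} for gateways with a PCoIP profile."""
    found = {}
    for line in ns_conf.splitlines():
        m = PCOIP_RE.match(line)
        if m:
            found[m.group(1).strip('"')] = m.group(2).strip('"')
    return found

def assess(version, ns_conf, fips=False):
    """Combine the configuration precondition with the version check."""
    if not pcoip_gateways(ns_conf):
        return "precondition-absent"
    affected = version_affected(version, fips)
    if affected is None:
        return "unknown-train"  # e.g. End Of Life 12.1 / 13.0 builds
    return "upgrade-required" if affected else "fixed-build"
```

An `unknown-train` result covers builds outside the ranges listed here, including the End Of Life 12.1 and 13.0 releases, and should be treated as needing manual review rather than as safe.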