The Australian Cyber Security Centre (ACSC) has issued an alert about critical vulnerabilities in the Citrix NetScaler ADC and NetScaler Gateway solutions.
The NetScaler ADC vulnerability can result in remote code execution by an authenticated threat actor with access to the management interface, the ACSC reports.
The NetScaler Gateway vulnerability can result in a denial of service if the device is configured as a gateway or AAA virtual server.
Cloud Software Group reports that both vulnerabilities are being actively exploited.
The ACSC urged affected organisations to apply the available updates and mitigations as soon as possible.
In its advisory, Cloud Software Group said it "strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible."
With respect to the NetScaler ADC vulnerability, the company said that it "only impacts the management interface. Cloud Software Group strongly recommends that network traffic to the appliance’s management interface is separated, either physically or logically, from normal network traffic."
"In addition, we recommend that you do not expose the management interface to the internet, as explained in the secure deployment guide. Removing such exposure to the internet greatly reduces the risk of exploitation of this issue."
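The advisory's mitigation is a network-segregation control: the management interface (NSIP) should live on a dedicated management network and must not be reachable from the internet. The following is an added example of how an operator might audit an appliance inventory against that recommendation; it is not code from the ACSC or Cloud Software Group. The inventory format, the appliance names, the addresses and the `MANAGEMENT_SUBNET` are constructed assumptions for illustration, and the check only inspects the recorded firewall sources, not live reachability.

```python
import ipaddress

# Constructed inventory for illustration (hypothetical appliances, not real
# hosts). Each entry records the management (NSIP) address and the source
# CIDRs that the perimeter firewall permits to reach the management ports.
INVENTORY = [
    {"name": "ns-dc1-01", "nsip": "10.20.30.5", "allowed_sources": ["10.20.0.0/16"]},
    {"name": "ns-dmz-01", "nsip": "10.20.30.6", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "ns-edge-02", "nsip": "203.0.113.8", "allowed_sources": ["198.51.100.0/24"]},
]

# Assumed dedicated management network (an assumption for this example).
MANAGEMENT_SUBNET = ipaddress.ip_network("10.20.0.0/16")


def audit_management_exposure(inventory, mgmt_subnet=MANAGEMENT_SUBNET):
    """Return [(appliance_name, [reasons])] for every appliance whose
    management interface violates the segregation recommendation:
    the NSIP is outside the management subnet, or a firewall rule allows
    management traffic from anywhere or from outside that subnet."""
    findings = []
    for entry in inventory:
        nsip = ipaddress.ip_address(entry["nsip"])
        reasons = []

        # The NSIP itself should sit on the dedicated management network.
        if nsip.version != mgmt_subnet.version or nsip not in mgmt_subnet:
            reasons.append("NSIP is outside the dedicated management subnet")

        # Every permitted source must be inside the management network;
        # a default route (/0) means the interface is reachable from the internet.
        for cidr in entry["allowed_sources"]:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                reasons.append(f"rule {cidr} allows management access from anywhere")
            elif net.version != mgmt_subnet.version or not net.subnet_of(mgmt_subnet):
                reasons.append(
                    f"rule {cidr} allows management access from outside the management subnet"
                )

        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_management_exposure(INVENTORY):
        print(name)
        for reason in reasons:
            print(f"  - {reason}")
```

Run against the constructed inventory, `ns-dc1-01` is clean, `ns-dmz-01` is flagged for the any-source rule, and `ns-edge-02` is flagged twice: its NSIP is off the management network and its permitted source is a non-management range. A real deployment would feed this from the firewall's exported rule set and confirm the result with an external port scan of the NSIP, since a rule inventory can drift from what is actually enforced.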