An authentication flaw has been identified in certain configurations of Citrix NetScaler ADC and NetScaler Gateway that could allow an authenticated user to obtain unauthorised access to network resources for another authenticated user.
This flaw affects the following versions of Citrix NetScaler ADC and NetScaler Gateway:
This flaw has been assigned the following CVE number:
CVE-2014-8580: Authentication Flaw in Citrix NetScaler Application Delivery Controller and NetScaler Gateway Could Result in Unauthorised Access to Network Resources
In default configurations of Citrix NetScaler ADC and NetScaler Gateway, the authentication flaw would not be exposed.
This flaw has been addressed in the following versions:
Citrix recommends that customers that are vulnerable to this issue upgrade to one of these versions. These upgrades can be obtained from the following locations:
NetScaler ADC Firmware
<https://www.citrix.com/downloads/netscaler-adc/firmware.html>
NetScaler ADC Virtual Appliance
<https://www.citrix.com/downloads/netscaler-adc/virtual-appliances.html>
NetScaler Gateway Product Software
<https://www.citrix.com/downloads/netscaler-gateway/product-software.html>
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
Date | Change |
---|---|
November 5th 2014 | Initial publishing |