PT-2024-8973 · Citrix · Citrix Netscaler Application Delivery Controller, Citrix Netscaler Gateway

Published: 2024-11-12 · Updated: 2025-01-03 · CVE-2024-8534

CVSS v4.0: 8.4 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway (affected versions not specified)
Description: A memory safety vulnerability in Citrix NetScaler ADC and Gateway can lead to memory corruption and Denial of Service. It can be triggered when the appliance is configured as a Gateway with the RDP Feature enabled, as a Gateway with an RDP Proxy Server Profile created and set to Gateway, or as an Auth Server with the RDP Feature enabled. A remote attacker can exploit it by sending specially crafted packets to the appliance, causing a Denial of Service. It is estimated that over 342,700 services are potentially affected.
Recommendations: Update Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway to a version that includes the fix for this vulnerability. As a temporary workaround, disable the RDP Feature or the RDP Proxy Server Profile on the Gateway until the fixed version can be applied, restrict access to any Auth Server with the RDP Feature enabled to minimize the risk of exploitation, and avoid using the RDP Feature in the affected Gateway configurations until the issue is resolved.

Tags: Fix · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-10655
CVE-2024-8534

Affected Products

Citrix Netscaler Application Delivery Controller
Citrix Netscaler Gateway