Citrix has issued urgent security updates for NetScaler products to address six vulnerabilities, including two significant flaws that pose serious risks to enterprise networks. The patches address the HTTP/2 Bomb attack vector and a high-severity information disclosure vulnerability that security researchers have compared to CitrixBleed, a previously exploited flaw that allowed attackers to steal session tokens and bypass authentication.
The HTTP/2 Bomb vulnerability represents a denial-of-service attack method that exploits the HTTP/2 protocol's compression mechanisms. Attackers can craft malicious requests that consume excessive server resources when decompressed, potentially causing service disruptions. This type of attack has affected multiple vendors and web server implementations across the industry.
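The defensive principle behind fixes for this class of bug is to never let a decompressor expand input without a bound. The following is an added illustration, not Citrix code and not a description of how NetScaler implements its fix: a generic guard for zlib-compressed request bodies that decompresses in bounded chunks and rejects the payload once it exceeds an absolute output cap or an expansion ratio. The limits, the `DecompressionBombError` name, and the sample payloads (a benign body and a constructed 8 MiB all-zero "bomb" that compresses to a few kilobytes) are assumptions chosen for the example; the same bounded-expansion check applies to any decompression step, including HTTP/2's header compression.

```python
import zlib

# Policy limits (assumed for this example, not vendor values).
MAX_DECOMPRESSED_BYTES = 1 * 1024 * 1024   # absolute cap on output per request
MAX_EXPANSION_RATIO = 100                  # output must stay under 100x input
CHUNK = 64 * 1024                          # decompress at most this much per step


class DecompressionBombError(ValueError):
    """Raised when a payload expands beyond the configured limits."""


def safe_decompress(data: bytes,
                    max_bytes: int = MAX_DECOMPRESSED_BYTES,
                    max_ratio: int = MAX_EXPANSION_RATIO) -> bytes:
    """Decompress zlib data while enforcing an output cap and an expansion ratio.

    Output is produced in bounded chunks, so a bomb is rejected after at most
    one extra chunk rather than after it has been fully expanded in memory.
    """
    decomp = zlib.decompressobj()
    out = bytearray()
    ratio_limit = max_ratio * max(len(data), 1)
    remaining = data
    while True:
        # max_length bounds the returned chunk; unprocessed input is kept
        # in unconsumed_tail and fed back on the next iteration.
        chunk = decomp.decompress(remaining, CHUNK)
        out += chunk
        if len(out) > max_bytes:
            raise DecompressionBombError(
                f"decompressed size exceeded {max_bytes} bytes")
        if len(out) > ratio_limit:
            raise DecompressionBombError(
                f"expansion ratio exceeded {max_ratio}:1")
        remaining = decomp.unconsumed_tail
        # Z_STREAM_END means all output has been delivered; an empty chunk
        # with no pending input means a truncated stream, so stop either way.
        if decomp.eof or (not chunk and not remaining):
            break
    return bytes(out)


def inspect_payload(data: bytes) -> str:
    """Return 'ok' if the payload decompresses within policy, else 'rejected'."""
    try:
        safe_decompress(data)
        return "ok"
    except DecompressionBombError:
        return "rejected"


# Constructed sample inputs for the demonstration.
BENIGN = b"user=alice&action=view&id=" + bytes(range(256))
BENIGN_COMPRESSED = zlib.compress(BENIGN)
# 8 MiB of zeros compresses to roughly 8 KiB: an expansion of ~1000:1.
BOMB_COMPRESSED = zlib.compress(b"\x00" * (8 * 1024 * 1024), 9)

if __name__ == "__main__":
    print("benign:", inspect_payload(BENIGN_COMPRESSED))   # ok
    print("bomb:  ", inspect_payload(BOMB_COMPRESSED))     # rejected
```

The ratio check is what catches the bomb here: at 100:1 the 8 KiB input may expand to about 800 KiB, which is below the absolute cap, so the payload is rejected before the cap is ever reached. In a real front end the caps belong in the decoder itself, applied per connection, so that resource use is bounded before any application code sees the request.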
The information disclosure vulnerability is particularly concerning because it shares characteristics with CitrixBleed (CVE-2023-4966), which was actively exploited by threat actors in 2023 to compromise enterprise networks. Such flaws can allow unauthorized access to sensitive information stored in device memory, including session tokens, credentials, and other data that could facilitate further attacks. The severity rating indicates this vulnerability could be exploited remotely without authentication.
NetScaler products, formerly known as Citrix ADC (Application Delivery Controller), are widely deployed in enterprise environments for load balancing, application acceleration, and secure remote access. A successful exploit of these vulnerabilities could allow attackers to disrupt critical business services or gain unauthorized access to internal networks and applications.
Citrix is strongly recommending that all NetScaler customers apply the available patches immediately. Organizations should prioritize updating internet-facing NetScaler instances first, as these present the highest risk exposure. Administrators should also review access logs for any suspicious activity that might indicate exploitation attempts and consider implementing additional monitoring until patches can be fully deployed across their infrastructure.
Source: https://www.securityweek.com/citrix-patches-netscaler-vulnerabilities-including-new-http-2-bomb-attack/