This is an update to our Threat Response of the 18 of July regarding critical vulnerabilities in NetScaler ADC and NetScaler Gateway. For the full text of this Threat Response, see below.
Dit is een update op onze Threat Response van 18 juli over een kritieke kwetsbaarheid in NetScaler ADC and NetScaler Gateway. Voor de volledige tekst van deze Threat Response, zie onder.
In addition to our previous Threat Response, we want to raise your attention to the following:
While there is no public exploit available of the vulnerability at this time, our CERT is observing incidents where this vulnerability is exploited. We again urge you to patch your systems as soon as possible if you haven't done so.
The patch provided by Citrix only mitigates the vulnerability. If you have already updated your systems, please perform a compromise assessment to assess if the vulnerability was exploited before the patch was applied. The CISA has published an assessment and methods to evaluate if your system is compromised .
If you have an indication that your system may be compromised based on the detection methods listed, please call our CERT with number listed at the end of this email.
What will Northwave do?
Northwave continuously monitor any developments regarding this vulnerability. If new critical information about this threat arises, Northwave will reach out immediately. We are continuously investigating based on these new developments to update our detection capabilities where possible. You can call us by phone or send us an email if you would like additional information.
Phone number: +31 (0)30-303 1244 (during business hours)Do you have an incident right now? Call our Incident Response Team: 00800 1744 0000
Disclaimer applies, see below.
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.