10 Jul

July 9, 2024 by Anil Shetty NetScaler blog post

NetScaler has released builds to address the following CVEs:

  • CVE-2024-6235 impacts the NetScaler Console (previously known as NetScaler ADM). CVE-2024-6236 affects the NetScaler Console, NetScaler Agent, and NetScaler SVM, but not the NetScaler VPX instances within NetScaler SDX. 
  • CVE-2024-5491 and CVE-2024-5492 are specific to NetScaler ADC and NetScaler Gateway.

Third-Party CVE:

  • CVE-2024-6387 is third-party software vulnerability on the open source OpenSSH module and affects NetScaler (NetScaler ADC and NetScaler Gateway)

All five of these CVEs apply only to customer-managed instances of NetScaler. 

If the infrastructure is managed by NetScaler, including services like the NetScaler Console, no further action is required.

CVE-2024-6235 and CVE-2024-6236

CVE-2024-6235, identified as a critical severity vulnerability, allows sensitive information disclosure.  CVE-2024-6236, identified as a high severity vulnerability, allows for a denial-of-service attack.

These vulnerabilities were identified through internal research, with no known exploits currently in the wild. Users operating affected builds with NetScaler Console accessible over the public internet are urged to promptly apply the recommended updates for NetScaler ADC, NetScaler Gateway, and NetScaler Console. 

It is advised to not expose NetScaler Console or its components to the public internet; instead, keep the NetScaler Console IP within a private network.

Although precise data is unavailable, it appears that the number of customer-managed NetScaler Consoles exposed online is relatively small compared to the global deployment of NetScaler ADCs.

Nonetheless, even if NetScaler Console is not externally accessible, updating is still advised to safeguard against potential insider threats.

CVE-2024-5491 and CVE-2024-5492

CVE-2024-5491, classified as a high-severity vulnerability, enables a denial-of-service attack. 

CVE-2024-5492, classified as a medium-severity vulnerability, permits a remote unauthenticated attacker to redirect users to arbitrary or potentially harmful websites. I

t is important to note that NetScaler version 12.1 (NetScaler ADC and NetScaler Gateway) has reached end of life and remains vulnerable. Users of version 12.1 are advised to upgrade to a supported version that mitigates these vulnerabilities. 

In this communication and the associated security bulletins for NetScaler ADC and NetScaler Console, limited technical details are provided intentionally to prevent aiding potential malicious exploitation.


CVE-2024-6387 is related to the OpenSSH module that is used by many networking products including NetScaler. Discovered externally by Qualys, this vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that allows unauthenticated remote code execution as root on glibc-based Linux systems. 

NetScaler is addressing this vulnerability as part of the same upgrade patch published below.

Update installation

Permanent fixes are available to download here:

Improved vulnerability management with NetScaler Console 

Utilizing NetScaler Console, previously known as NetScaler Application Delivery Management, is highly recommended to examine its security capabilities. The Security Advisory and Upgrade Advisory functions are designed to expedite patching processes, a crucial advantage given the present threat environment.

  • Security Advisory protects your infrastructure by highlighting NetScaler ADCs with CVE exposure, scheduling on-demand vulnerability scans, and suggesting remediations.
  • Upgrade Advisory helps you with the lifecycle management of NetScaler ADCs.
  • File Integrity Monitoring ensures the integrity of the files on NetScaler ADCs by determining if changes have been made to your NetScaler build files.

More Information

* The email will not be published on the website.