Cloud Software Group Security Advisory for CVE-2024-6387

SSH issues

The full support document is listed here

Cloud Software Group is aware of the vulnerability CVE-2024-6387 impacting OpenSSH. Qualys has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. Because this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006, it is being referred to as regreSSHion. The vulnerability has been assigned the CVE identifier CVE-2024-6387.

I have cut out the Networking products (see below) that this newsletter applies to, however take a look at the above link as you might need to take some actions if you have other products. In this case, investigation is live for :

To be clear, these support documents are ‘live’ documents, so updates get delivered as CSG finds them. It looks like NetScaler Console is under review as I write this.

What Cloud Software Group is Doing

Cloud Software Group is notifying customers and channel partners about this potential security issue through the publication of this security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.