Scheduled maintenance for Netscaler security vulnerability upgrade. Downtime it’s not expected.

Scheduled Maintenance Report for ops.visma.net

Completed

The scheduled maintenance has been completed.

Posted Jan 20, 2024 - 16:01 CET

In progress

Scheduled maintenance is currently in progress. We will provide updates as necessary.

Posted Jan 20, 2024 - 12:00 CET

Scheduled

Sunday, 21st of January 2024, starting at 12:00 CET we will upgrade the Netscaler instances that are affected by a security vulnerability. Downtime it’s not expected.

Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

NetScaler ADC and NetScaler Gateway contain the vulnerabilities described below.

CVE ID: CVE-2023-6548
Description: Authenticated (low privileged) remote code execution on Management Interface
Pre-requisites: Access to NSIP, CLIP or SNIP with management interface access
CWE: CWE-94

CVE ID: CVE-2023-6549
Description: Denial of Service
Pre-requisites: Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CWE: CWE-119

Read more here:
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

In order to avoid any risk, we will upgrade the affected instances Sunday, starting 12:00 CET. We don’t expect downtime during the change.

Assets involved:
ADC6 (Citrix gateway shared)
NS8(Citrix. Azets)
ADCVXO6 (citrix gateway aspse.visma.com)
ADC3 (stage)
ADC5 (stage)

Contact
If you have any questions or concerns, please contact our IT Service Desk:

Email: it-servicedesk@visma.com (during office hours)
Phone: +47 21 60 78 42 (when the matter is urgent, inside or outside office hours)
Service Owner: Simona Briscu

Posted Jan 18, 2024 - 14:35 CET