CVE-2026-3055

Analysis and mitigation of the NetScaler vulnerability

Overview

NetScaler ADC and NetScaler Gateway contain an insufficient input validation vulnerability in their SAML Identity Provider (IDP) configuration that could lead to memory overread attacks. This vulnerability allows authenticated or unauthenticated attackers to potentially access sensitive information from memory when the appliance is configured as a SAML IDP. The vulnerability requires specific configuration and does not affect default deployments. The vulnerability was disclosed on March 23, 2026. CISA has identified CVE-2026-3055 as exploited, but it is not currently known to be used in ransomware campaigns.

Technical details

NetScaler ADC and NetScaler Gateway, when configured as a SAML Identity Provider, fail to properly validate input parameters in SAML request handling. This insufficient input validation allows an attacker to craft a malicious SAML request that triggers a memory overread condition. The vulnerability could be exploited to read adjacent memory regions, potentially exposing sensitive data such as authentication tokens, configuration details, or other confidential information residing in memory.

The vulnerability is classified as CWE-125 (Out-of-bounds Read) and CWE-20 (Improper Input Validation).

The vulnerability has a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating High severity.

Impact

An attacker can exploit this vulnerability to read sensitive information from the NetScaler appliance's memory. Potential data exposure includes: SAML authentication tokens, session keys, user credentials, API tokens, SSL/TLS certificates, encryption keys, configuration data, and other sensitive information stored in memory. While the vulnerability does not directly allow modification or denial of service, the information disclosure could lead to further attacks such as session hijacking or authentication bypass. The impact is limited to deployments where SAML IDP functionality is enabled.

Mitigation and workarounds

1. Download the latest security patch for your NetScaler ADC/Gateway version from the Citrix Support portal.
2. Back up your current configuration using 'save ns config'.
3. Upload the patch file to the appliance.
4. Execute the patch installation: 'install ns patch <patch_file>'.
5. Reboot the appliance when prompted.
6. Verify the patch installation with 'show ns patch'.
7. Restore the configuration if needed and verify SAML IDP functionality.

The following versions include the required fixes: NetScaler ADC 13.1-49.15 and later, NetScaler ADC 14.1-11.47 and later, NetScaler ADC 15.1-31.12 and later, NetScaler ADC 15.2-11.8 and later, NetScaler Gateway 13.1-49.15 and later, NetScaler Gateway 14.1-11.47 and later, NetScaler Gateway 15.1-31.12 and later, NetScaler Gateway 15.2-11.8 and later.

As temporary workarounds:

- Temporarily disable SAML IDP functionality if it is not immediately required. Navigate to System > Authentication > SAML IDP and disable the service. This eliminates the attack surface while waiting for patches.
- Restrict network access to SAML IDP endpoints using network ACLs, firewall rules, or NetScaler's built-in access control lists. Limit SAML authentication requests to trusted sources only.
- Monitor and log all SAML authentication requests. Enable audit logging for SAML transactions and monitor for suspicious patterns or malformed requests.
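The technical details above describe missing bounds and structure checks on SAML request parameters, and the third workaround asks for monitoring of malformed requests. The following Python script is an added illustration, not NetScaler code and not a fix for CVE-2026-3055: it applies strict size and structure checks to the SAMLRequest parameter of the HTTP-Redirect binding (base64 of raw DEFLATE of XML) and runs them over a few constructed access-log lines to flag the ones that fail. The log line format, the /saml/login path, and the size limits are assumptions chosen for the example.

```python
"""Strict pre-validation of SAML AuthnRequest parameters (HTTP-Redirect binding).

Added illustration only; the log format, path and limits below are assumptions,
and the sample requests are constructed, not captured from any appliance.
"""
import base64
import binascii
import zlib
import xml.etree.ElementTree as ET
from typing import List, Tuple
from urllib.parse import parse_qs, quote, urlsplit

MAX_ENCODED_LEN = 16 * 1024   # assumption: generous bound for a redirect-binding value
MAX_DECODED_LEN = 64 * 1024   # assumption: cap on inflated XML (stops decompression bombs)
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def validate_saml_request(encoded: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a base64(deflate(xml)) SAMLRequest value."""
    if not encoded or len(encoded) > MAX_ENCODED_LEN:
        return False, "encoded length out of bounds"
    try:
        raw = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return False, "invalid base64"
    # The redirect binding uses raw DEFLATE without a zlib header: wbits=-15.
    # Inflate with an output cap so oversized payloads never reach the parser.
    inflater = zlib.decompressobj(wbits=-15)
    try:
        xml_bytes = inflater.decompress(raw, MAX_DECODED_LEN + 1)
    except zlib.error:
        return False, "invalid deflate stream"
    if inflater.unconsumed_tail or len(xml_bytes) > MAX_DECODED_LEN:
        return False, "decoded length out of bounds"
    # ElementTree does not fetch external entities; for untrusted XML in
    # production, defusedxml is the usual hardened choice.
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        return False, "unexpected root element %r" % root.tag
    for attr in ("ID", "Version", "IssueInstant"):
        if not root.get(attr):
            return False, "missing attribute %s" % attr
    if root.get("Version") != "2.0":
        return False, "unsupported SAML version"
    issuer = root.find("{%s}Issuer" % SAML_NS)
    if issuer is None or not (issuer.text or "").strip():
        return False, "missing Issuer"
    if len(issuer.text) > 1024:
        return False, "Issuer too long"
    return True, "ok"


def encode_saml_request(xml_text: str) -> str:
    """Build a redirect-binding SAMLRequest value (used here to construct samples)."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return base64.b64encode(data).decode("ascii")


def triage_log_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, reason) for each request whose SAMLRequest fails validation.

    Assumed (constructed) line format: "<timestamp> <client_ip> GET <path?query>".
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        client_ip, target = parts[1], parts[3]
        values = parse_qs(urlsplit(target).query).get("SAMLRequest")
        if not values:
            continue
        ok, reason = validate_saml_request(values[0])
        if not ok:
            findings.append((client_ip, reason))
    return findings


# Constructed samples: one well-formed request, one truncated XML document.
GOOD_XML = (
    '<samlp:AuthnRequest xmlns:samlp="{p}" xmlns:saml="{a}" '
    'ID="_abc123" Version="2.0" IssueInstant="2026-03-23T00:00:00Z">'
    '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
).format(p=SAMLP_NS, a=SAML_NS)
TRUNCATED_XML = (
    '<samlp:AuthnRequest xmlns:samlp="{p}" ID="_1" Version="2.0" '
    'IssueInstant="2026-03-23T00:00:00Z">'
).format(p=SAMLP_NS)

SAMPLE_LOG = [
    "2026-03-23T10:00:01Z 203.0.113.10 GET /saml/login?SAMLRequest="
    + quote(encode_saml_request(GOOD_XML), safe=""),
    "2026-03-23T10:00:02Z 198.51.100.7 GET /saml/login?SAMLRequest="
    + quote(encode_saml_request(TRUNCATED_XML), safe=""),
    "2026-03-23T10:00:03Z 198.51.100.7 GET /saml/login?SAMLRequest=not%2Abase64",
]

if __name__ == "__main__":
    for ip, why in triage_log_lines(SAMPLE_LOG):
        print("flag %s: %s" % (ip, why))
```

The checks run before any SAML-specific parsing and reject on the first failure, so a request that is too large, not valid base64, not a valid DEFLATE stream, larger than the inflate cap, or not a well-formed AuthnRequest never reaches the signature or assertion logic. Such a filter in front of the IDP reduces exposure to malformed requests but does not replace the vendor patch listed above.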

CISA recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional resources

Source: This report was generated by AI

Related NetScaler vulnerabilities

No related vulnerabilities with identified affected products.