An issue in firmware builds for Citrix's NetScaler ADC product has led to the company removing the 10.1, 10.5, 11.0, 11.1 and 12.0 builds from its download area.
A tweet from well-known British security researcher Kevin Beaumont said the issue was identified three days ago.
I’m told there is a supply chain issue with Citrix and they’re reissuing firmware for Netscaler. When out customers should upgrade ASAP. pic.twitter.com/6ZLfhTKK1V
— Kevin Beaumont (@GossiTheDog) 23 September 2017
Citrix says NetScaler is "an application delivery controller that provides flexible delivery services for traditional, containerised and microservice applications from your data centre or any cloud".
"It features unmatched security, superior L4-7 load balancing, reliable GSLB, and increased uptime."
Beaumont also claimed that Citrix was one of the companies targeted by the malware planted in the CCleaner utility for Windows. News of the compromise of CCleaner was reported on 17 September.
Citrix was one of the targets with CCleaner, they had their internal AD domain.
— Kevin Beaumont (@GossiTheDog) 23 September 2017
"Citrix was one of the targets with CCleaner, they had their internal AD domain," he tweeted.
Citrix did not offer any specifics as to what the issue was with the builds in question.
"Currently, we are testing replacement builds, which we expect to release in the coming days," the company said in an advisory.
"In the meantime, our guidance is to make sure your NetScaler is configured following our best practices guides."
Citrix have issued best practice for securing Netscaler, around management interface: https://t.co/v0B39Z21FV pic.twitter.com/LIJ6PkBWGw
— Kevin Beaumont (@GossiTheDog) 23 September 2017
iTWire has sought comment from Citrix as to the details of the issue with the builds mentioned.
Graphic: courtesy Citrix