Jump to content

    NetScaler WAF Signatures Update v139

     

    NetScaler has released a new version of its integrated Web App Firewall signatures to help customers mitigate several CVEs with varying CVSS scores. 

    CVE-2024-1212: Progress LoadMaster is a load balancing solution developed by Progress Software, designed to optimize application performance and availability. The product is affected by a critical vulnerability, CVE-2024-1212 with CVSS score of 10.0, which allows unauthenticated remote attackers to exploit the LoadMaster management interface in versions up to, and including, 7.2.48.9. Exploiting this vulnerability enables attackers to execute arbitrary system commands, potentially compromising the entire system.

    CVE-2024-29824: Ivanti Endpoint Manager (EPM) by Ivanti is a comprehensive solution for managing and securing endpoints across an enterprise network. A critical SQL injection vulnerability, identified as CVE-2024-29824, affects all versions up to, and including, 2024.1. Exploiting this vulnerability allows unauthenticated attackers within the same network to execute arbitrary code, potentially compromising sensitive data and system integrity.

     

     Signatures included in v139:

    Signature rule

    CVE ID

    Description

    998418

    CVE-2024-7591

    WEB-MISC Progress LoadMaster Prior To 7.2.60.1 - Authenticated OS Command Injection Vulnerability (CVE-2024-7591)

    998419

    CVE-2024-6658

    WEB-MISC Progress LoadMaster Prior To 7.2.60.1 - OS Command Injection Vulnerability (CVE-2024-6658)

    998420

    CVE-2024-5015

    WEB-MISC WhatsUp Gold Prior To 2023.1.3 - SSRF Vulnerability (CVE-2024-5015)

    998421

    CVE-2024-45507

    WEB-MISC Apache Ofbiz Prior to 18.12.16 - SSRF Vulnerability (CVE-2024-45507)

    998422

    CVE-2024-45195

    WEB-MISC Apache Ofbiz Prior to 18.12.16 - Direct Request ('Forced Browsing') vulnerability (CVE-2024-45195)

    998423

    CVE-2024-29824

    WEB-MISC Ivanti Endpoint Manager Prior To v2022 SU5 - SQL Injection RCE Vulnerability (CVE-2024-29824)

    998424

    CVE-2024-2448

    WEB-MISC Progress LoadMaster - OS Command Injection Vulnerability (CVE-2024-2448)

    998425

    CVE-2024-1212

    WEB-MISC Progress LoadMaster - Unauthenticated OS Command Injection Vulnerability via accessv2 (CVE-2024-1212)

    998426

    CVE-2024-1212

    WEB-MISC Progress LoadMaster - Unauthenticated OS Command Injection Vulnerability via access (CVE-2024-1212)

     

    NetScaler customers can quickly import the above signatures to help reduce risk and lower exposure associated with these vulnerabilities. Signatures are compatible with NetScaler (formerly Citrix ADC) software version 11.1, 12.0, 12.1, 13.0 and 13.1. NOTE: Software versions 11.1 and 12.0 are end of life, and you should consider upgrading for continued support. Learn more about the NetScaler software release lifecycle.

     

    If you are already using NetScaler Web App Firewall with the signature auto-update feature enabled, verify that your signature file version is 139 or later and then follow these steps.

    1. Search your signatures for <number>
    2. Select the results with ID 
    3. Choose “Enable Rules” and click OK

     

    NetScaler WAF Best Practices

    NetScaler recommends that WAF users always download the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. NetScaler will continue to monitor this dynamic situation and provide updates as new mitigations become available.

     

    Handling false positives

    If app availability is affected by false positives that result from the above mitigation policies, relaxations can be applied. NetScaler recommends the following modifications to the policy.

     

    Modifications to NetScaler Web App Firewall Policy:

    add policy patset exception_list

    # (Example: bind policy patset exception_list “/exception_url”) 

    Prepend the existing WAF policy with:

    HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT

    # (Example :  set appfw policy my_WAF_policy q^HTTP.REQ.URL.CONTAINS_ANY(“exception_list”).NOT && <existing rule>^

    NOTE: Any endpoint covered by the exception_list may expose those assets to risks 

    Additional Information

    NetScaler Web App Firewall benefits from a single code base across all its form-factors (physical, virtual, bare-metal, and containers). This signature update applies to all form factors and deployment models of NetScaler Web App Firewall.

    Learn more about NetScaler Web app Firewall. Read our alert articles and bot signature articles to learn more about NetScaler WAF signatures, and find out how you can receive signature alert notifications.

    Please join the NetScaler Community today and engage with your peers to learn more about how they are protecting their businesses with NetScaler WAF. 





     


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...