Customers on NetScaler ADC and NetScaler Gateway who disable CBC mode ciphers and use alternatives, such as AES GCM, are not impacted by this issue.
This vulnerability has been addressed in the following versions of Citrix NetScaler ADC and NetScaler Gateway:
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 Build 55.8, 10.5 Build 55.8007.e and later
- Citrix NetScaler ADC and NetScaler Gateway version 10.1 Build 130.13, 10.1 Build 130.1302.e and later
- Citrix NetScaler ADC and NetScaler Gateway version 9.3 Build 68.5 and later.
Customers using the Citrix NetScaler ADC and NetScaler Gateway 10.0 in the Common Criteria evaluated configuration should upgrade to version 10.0 Build 78.7 and later.
These new versions can be downloaded from the following locations:
NetScaler ADC Firmware
NetScaler ADC Virtual Appliance
NetScaler Gateway Product Software
Citrix recommends that customers using affected versions of the NetScaler ADC and NetScaler Gateway upgrade to a version of the appliance firmware that contains the fix for this issue as soon as possible.