The HHS is urging healthcare organizations to patch a new vulnerability affecting NetScaler ADC, formerly Citrix ADC, and NetScaler Gateway.
Citrix issued a security advisory on Oct. 10 stating that the vulnerability, known as "Citrix Bleed," is currently under active exploitation, according to a Nov. 30 news release from the HHS.
The HHS is strongly advising healthcare organizations to undergo upgrades to forestall additional harm.
The following versions are currently capable of being exploited:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
- NetScaler ADC and NetScaler Gateway version 12.1 (EOL)
- NetScaler ADC 13.1FIPS before 13.1-37.163
- NetScaler ADC 12.1-FIPS before 12.1-55.300
- NetScaler ADC 12.1-NDcPP before 12.1-55.300