I need to upgrade netscaler firmware to address CVE-2019-19781.
Citrix have following 2 links for firmware download:-
https://www.citrix.com/downloads/citrix-adc/
https://www.citrix.com/downloads/citrix-gateway/
Which link should I use to download the package?
These are virtual appliance on ESXi.
1. One Netscaler current firmware is NS10.5: Build 55.8007.e.nc.
It has following features enabled:-
Feature Acronym Status
------- ------- ------
Load Balancing LB ON
Content Switching CS ON
SSL Offloading SSL ON
Rewrite REWRITE ON
Responder RESPONDER ON
AppFlow AppFlow ON
Shoudl I download the "Netscaler Gateway 10.5.e" frimware for it from the
https://www.citrix.com/downloads/citrix-gateway/ URL?
If I choose this one then the latest one is from Sep 25, 2017 which won't cover this CVE.
If I choose the "Netscaler Gateway 10.5" frimware then the latest is Jan 24, 2020 which shoudl cover this CVE.
If I choose the "Netscaler ADC release 10.5" frimware/virtual appliance for it from the
https://www.citrix.com/downloads/citrix-adc/ URL then the latest is from Jan 24, 2020 which should cover this CVE.
Which one shoudl I choose?
2. Another netscaler has firmware - NS12.1: Build 50.31.nc
It has following features enabled:-
Feature Acronym Status
------- ------- ------
Load Balancing LB ON
Content Switching CS ON
SSL Offloading SSL ON
SSL VPN SSLVPN ON
Responder RESPONDER ON
AppFlow AppFlow ON
CallHome CH ON
Mode Acronym Status
------- ------- ------
Fast Ramp FR ON
Edge configuration Edge ON
Use Subnet IP USNIP ON
Layer 3 mode (ip forwarding) L3 ON
Path MTU Discovery PMTUD ON
Shoudl I download the "Netscaler Gateway 12.1" frimware for it from the
https://www.citrix.com/downloads/citrix-gateway/ URL?
OR
"Netscaler ADC release 12.1" frimware/Virtual Appliance from
https://www.citrix.com/downloads/citrix-adc/ URL
But customers buying a "gateway" don't want to download an "ADC".
For the upgrade you take the "ncore" file.