“What it means, if it’s not patched, is that hackers can actually make the device crash, resulting in a DoS attack,” explained Erik Avakian, a technical counselor at Info-Tech Research Group. This can prevent the device from running and prevent services from performing as they would normally. “If this type of denial of service happens, nobody can use your VPN, remote applications, or other services it protects.”
On top of that, the vulnerability could allow hackers to run their own code on an impacted NetScaler box. A successful remote code execution (RCE) compromise could give hackers the ability to install backdoors, steal data, create fake user accounts, or even use the device itself to attack others, Avakian explained.
“Basically, it’s like having a security guard at your front gate get knocked out cold and then be replaced with an impostor wearing their uniform,” he said.