Citrix zero-day vulnerability under attack

Citrix zero-day vulnerability under attack

NetScalar appliances affected.

By on

Users of Citrix’s NetScaler ADC and NetScaler Gateway (formerly Citrix ADC and Citrix Gateway respectively) appliances should patch as soon as possible, with the vendor announcing a zero-day vulnerability that is under exploitation.

The vulnerabilities only affect customer-managed appliances; Citrix-provided cloud services or Adaptive Authentication services are not affected.

In its advisory, Citrix noted that the most serious vulnerability is CVE-2023-3519, which can be exploited by an unauthenticated attacker to get remote code execution. 

To be vulnerable, the advisory stated, the appliance has to be configured “as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy); or as an AAA virtual server”.

“Exploits of CVE-2023-3519 on unmitigated appliances have been observed”, the advisory stated.

The affected product versions are as follows: NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13; NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13; NetScaler ADC 13.1-FIPS before 13.1-37.159; NetScaler ADC 12.1-FIPS before 12.1-55.297; and NetScaler ADC 12.1-NDcPP before 12.1-55.297.

NetScaler ADC and Gateway 12.1 is vulnerable, but is end-of-life and won’t be patched.

The other two vulnerabilities are CVE-2023-3466, a reflected cross-site scripting vulnerable that’s only exploitable with victim interaction; and CVE-2023-3467, a privilege escalation bug.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © . All rights reserved.

Most Read Articles