Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway


Jul 19, 2023THNVulnerability / Cyber Threat


Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild.

Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue is a code injection flaw that can lead to unauthenticated remote code execution. It impacts the following versions –

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297, and
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

The company did not give further details on CVE-2023-3519 other than to say that exploits for the flaw have been observed on “unmitigated appliances.” It did note that successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization, and accounting (AAA) virtual server.

Also addressed alongside CVE-2023-3519 are two other bugs –

  • CVE-2023-3466 (CVSS score: 8.3) – An improper input validation vulnerability resulting in a reflected cross-site scripting (XSS) attack
  • CVE-2023-3467 (CVSS score: 8.0) – An improper privilege management vulnerability resulting in privilege escalation to the root administrator (nsroot)

Wouter Rijkbost and Jorren Geurts of Resillion have been credited with reporting the bugs. Patches that address all three flaws are available in the following versions –

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS, and
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

Customers of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version to mitigate potential threats.
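The affected-version list, the Gateway/AAA exploitation precondition and the fixed builds above translate directly into a triage check. The script below is an added example, not Citrix's tooling or part of the original article. It assumes the first line of `show ns version` on the appliance has the form `NetScaler NS13.1: Build 49.13.nc, Date: ...` (an assumption about the output format), and it does not try to infer the FIPS or NDcPP flavor from that line, so the operator passes the flavor and whether a Gateway or AAA virtual server is configured as explicit inputs. The sample version strings in the block are constructed for illustration.

```python
"""Triage a NetScaler ADC/Gateway build against the CVE-2023-3519 fixed builds."""
import re

# First fixed build per branch, taken from the Citrix advisory.
# None means every build on that branch is affected (12.1 is end-of-life).
FIXED_BUILDS = {
    "13.1": "49.13",
    "13.0": "91.13",
    "12.1": None,
    "13.1-FIPS": "37.159",
    "12.1-FIPS": "55.297",
    "12.1-NDcPP": "55.297",
}

# Assumed shape of the first `show ns version` line, e.g.
# "NetScaler NS13.1: Build 49.13.nc, Date: Jun 28 2023, 10:56:07".
_VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+\.\d+)")


def parse_ns_version(line):
    """Return (release, build) such as ("13.1", "49.13") from a version line."""
    m = _VERSION_RE.search(line)
    if not m:
        raise ValueError("unrecognised version line: %r" % line)
    return m.group(1), m.group(2)


def _build_tuple(build):
    # Compare builds numerically, not lexically: "49.9" < "49.13".
    return tuple(int(part) for part in build.split("."))


def is_vulnerable(branch, build):
    """True if `build` on `branch` (e.g. "13.1", "12.1-FIPS") predates the fix."""
    if branch not in FIXED_BUILDS:
        raise ValueError("unknown branch %r" % branch)
    fixed = FIXED_BUILDS[branch]
    if fixed is None:
        return True  # whole branch is end-of-life and unpatched
    return _build_tuple(build) < _build_tuple(fixed)


def assess(version_line, flavor=None, gateway_or_aaa_configured=True):
    """Classify an appliance from its version line, flavor and exposure."""
    release, build = parse_ns_version(version_line)
    branch = release if flavor is None else "%s-%s" % (release, flavor)
    if not is_vulnerable(branch, build):
        return "patched"
    if gateway_or_aaa_configured:
        return "vulnerable, exploitable configuration (Gateway/AAA vserver): patch now"
    return "vulnerable, not in the known exploitable configuration: patch anyway"


if __name__ == "__main__":
    # Constructed sample inputs, not real appliance output.
    samples = [
        ("NetScaler NS13.1: Build 49.13.nc, Date: Jun 28 2023, 10:56:07", None, True),
        ("NetScaler NS13.0: Build 90.12.nc, Date: Mar 1 2023, 09:00:00", None, True),
        ("NetScaler NS12.1: Build 65.39.nc, Date: Jan 1 2023, 09:00:00", None, False),
        ("NetScaler NS12.1: Build 55.296.nc, Date: Jan 1 2023, 09:00:00", "NDcPP", True),
    ]
    for line, flavor, exposed in samples:
        print("%-62s %s" % (line.split(",")[0], assess(line, flavor, exposed)))
```

Run it against the version line from each appliance in the estate; anything that is not "patched" goes on the upgrade list, with the exposed Gateway/AAA hosts first.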
