
Citrix warns customers of a critical vulnerability (CVE-2023-3519) in NetScaler ADC and Gateway that is being exploited in the wild.

The vulnerability CVE-2023-3519 has a CVSS score of 9.8. It allows an unauthenticated attacker to inject code into the appliance, which can lead to remote code execution, meaning the attacker can run commands on the affected system remotely. Citrix warns that exploits for this vulnerability are known and that attacks have been observed against systems that have not been patched.

The company also added that successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.

“Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.” reads the report published by Citrix.

Below is the list of the impacted versions:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

The advisory states that NetScaler ADC and NetScaler Gateway version 12.1 are now End Of Life (EOL), and customers should upgrade their appliances to one of the supported versions that address the vulnerability.
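As an added example (not code from Citrix or from this article), the following Python helper classifies an appliance build against the fixed builds listed above and flags standard 12.1 as EOL. The `13.1-49.13` build-string format, the `FIPS`/`NDcPP` flavor labels and the `gateway_or_aaa` flag are assumptions made for the example.

```python
import re
from typing import NamedTuple, Optional

class Build(NamedTuple):
    major: int
    minor: int
    build: int
    patch: int

# Fixed builds from the advisory summary above, keyed by (release line, flavor).
# Flavor is None for standard builds. FIPS/NDcPP lines have their own build numbering,
# so 13.1-37.159 is patched on 13.1-FIPS even though standard 13.1 needs 49.13.
FIXED_BUILDS = {
    ("13.1", None): "13.1-49.13",
    ("13.0", None): "13.0-91.13",
    ("13.1", "FIPS"): "13.1-37.159",
    ("12.1", "FIPS"): "12.1-55.297",
    ("12.1", "NDcPP"): "12.1-55.297",
}
# Standard 12.1 is EOL: no fix ships for it, the appliance has to be upgraded.
EOL_LINES = {("12.1", None)}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

def parse_build(version: str) -> Build:
    """Turn '13.1-49.13' into (13, 1, 49, 13) so builds compare numerically, not as strings."""
    m = _BUILD_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    return Build(*(int(g) for g in m.groups()))

def assess(version: str, flavor: Optional[str] = None, gateway_or_aaa: bool = True) -> str:
    """Return 'patched', 'vulnerable', 'vulnerable-not-exposed', 'eol' or 'unknown'."""
    b = parse_build(version)
    line = f"{b.major}.{b.minor}"
    if (line, flavor) in EOL_LINES:
        return "eol"
    fixed = FIXED_BUILDS.get((line, flavor))
    if fixed is None:
        return "unknown"  # release line not covered by this advisory
    if b >= parse_build(fixed):
        return "patched"
    # Gateway/AAA vserver is the exploitation precondition the advisory gives; a box
    # without that role is still affected and still needs the update.
    return "vulnerable" if gateway_or_aaa else "vulnerable-not-exposed"

def triage(inventory):
    """Run assess() over (hostname, version, flavor, gateway_or_aaa) records."""
    return {host: assess(ver, flav, role) for host, ver, flav, role in inventory}
```

Feed `triage()` the build, flavor and role of each appliance from your inventory; anything other than `patched` needs action, and `unknown` means the release line is outside this advisory and must be checked against Citrix's own list.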

The updates also include fixes for two other vulnerabilities identified as CVE-2023-3466 and CVE-2023-3467. 

CVE-2023-3466 has a CVSS score of 8.3. This vulnerability is a reflected cross-site scripting (XSS) issue that can be exploited if a victim loads a link from an attacker in the browser and the vulnerable appliance is reachable from the same network.

Citrix lists CVE-2023-3467 with a CVSS score of 8.0 as a vulnerability that allows an attacker to elevate privileges to those of a root administrator (nsroot).
