
Citrix Releases Critical Security Updates for NetScaler ADC and NetScaler Gateway



Summary

Citrix has released a critical security update addressing one Critical and two High severity vulnerabilities in NetScaler ADC and NetScaler Gateway.


Threat details

End-of-life (EoL) products still vulnerable

Citrix have advised that NetScaler Gateway and NetScaler ADC version 12.1 is end-of-life but remains affected by these vulnerabilities. No updates will be issued for it, so organisations running EoL versions should upgrade to the latest release of a supported version as soon as possible.


Introduction

Citrix has released a security bulletin for one Critical severity vulnerability, tracked as CVE-2023-3519, and two High severity vulnerabilities tracked as CVE-2023-3466 and CVE-2023-3467. 

A remote, unauthenticated attacker could exploit CVE-2023-3519 to perform remote code execution on a target system.

Additionally, CVE-2023-3466 could allow an attacker to perform cross-site scripting, and CVE-2023-3467 could allow an attacker to escalate privileges to "root administrator" on a target system.

Evidence of exploitation in the wild

Citrix have advised in their security bulletin that exploitation of CVE-2023-3519 against vulnerable appliances has been observed in the wild.


Vulnerability Details

  • CVE-2023-3519 - A critical vulnerability which could allow a remote, unauthenticated attacker to execute code on a target system.
  • CVE-2023-3466 - A high severity vulnerability which could allow an attacker to perform cross-site scripting on a target system.
  • CVE-2023-3467 - A high severity privilege escalation vulnerability which an attacker could exploit to achieve root administrator privileges.

Remediation advice

Affected organisations are required to review the Citrix Security Bulletin and apply the relevant updates.
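One practical part of that review is establishing which branch and build each appliance runs, since the advisory treats branch 12.1 as end-of-life with no fix coming, while supported branches need to be compared against the fixed builds listed in the Citrix bulletin. The following Python is an added example, not code from this advisory or from Citrix: it parses the first line of the NetScaler CLI command `show ns version` (output format assumed to be `NetScaler NS<branch>: Build <major>.<minor>.nc, ...`) and classifies the appliance. The fixed-build table is a placeholder that the operator must fill from the bulletin; this page does not list the fixed builds, so the numbers in `PLACEHOLDER_FIXED_BUILDS` are constructed and deliberately unrealistic.

```python
import re
from typing import Dict, Optional, Tuple

# Branches the advisory describes as end-of-life: no update will be issued.
EOL_BRANCHES = {"12.1"}

# CONSTRUCTED PLACEHOLDER: minimum fixed build per supported branch.
# These numbers are not the real fixed builds; copy the correct values
# from the Citrix Security Bulletin before using this on real inventory.
PLACEHOLDER_FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "13.1": (999, 999),
    "13.0": (999, 999),
}

# Assumed format of the first line printed by `show ns version`.
VERSION_RE = re.compile(
    r"NetScaler NS(?P<branch>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_ns_version(line: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (build_major, build_minor)) or None if unparseable."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    return m.group("branch"), (int(m.group("major")), int(m.group("minor")))


def assess(line: str, fixed_builds: Dict[str, Tuple[int, int]]) -> Tuple[str, str]:
    """Classify one appliance as unparsed / eol / unknown-branch / vulnerable / patched.

    Builds are compared as (major, minor) tuples so that e.g. build 100.5
    correctly ranks above build 91.13.
    """
    parsed = parse_ns_version(line)
    if parsed is None:
        return "unparsed", "could not parse version string"
    branch, build = parsed
    build_str = f"{build[0]}.{build[1]}"
    if branch in EOL_BRANCHES:
        return "eol", f"branch {branch} is end-of-life; no fix will ship, migrate to a supported release"
    fixed = fixed_builds.get(branch)
    if fixed is None:
        return "unknown-branch", f"no fixed build recorded for branch {branch}; consult the bulletin"
    if build >= fixed:
        return "patched", f"{branch} build {build_str} is at or above fixed build {fixed[0]}.{fixed[1]}"
    return "vulnerable", f"{branch} build {build_str} is below fixed build {fixed[0]}.{fixed[1]}"


def main() -> None:
    # Constructed sample output lines, as an operator might collect them from several appliances.
    samples = [
        "NetScaler NS13.1: Build 49.13.nc, Date: Jun 20 2023, 08:10:46   (64-bit)",
        "NetScaler NS12.1: Build 65.35.nc, Date: Mar 3 2023, 11:21:09   (64-bit)",
        "command not found",
    ]
    for line in samples:
        status, detail = assess(line, PLACEHOLDER_FIXED_BUILDS)
        print(f"{status:14s} {detail}")


if __name__ == "__main__":
    main()
```

Run this against the version line collected from each appliance and a fixed-build table copied from the bulletin; anything classified `eol`, `vulnerable` or `unknown-branch` needs action, and `unparsed` means the collection step itself should be checked.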


Definitive source of threat updates


Last edited: 18 July 2023 5:25 pm