Citrix NetScalers actively exploited through two new zero-days.


On Tuesday, Citrix urged customers to immediately patch NetScaler ADC and NetScaler Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.

The two zero-days, CVE-2023-6548 and CVE-2023-6549, expose unpatched NetScaler instances to remote code execution in the management interface (CVSS score 5.5) and to denial of service against the Gateway and AAA components (CVSS score 8.2), respectively.

The good news for administrators and potential victims is that the RCE bug requires an attacker to already be logged in to a low-privilege account on the targeted appliance and to have network access to the NSIP, CLIP, or SNIP with management interface access enabled. The DoS bug has a different precondition: the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Note that the low CVSS score of the RCE reflects the authentication requirement, not the impact; a management interface reachable from the internet removes most of that mitigation, which is why Citrix recommends keeping it off untrusted networks.

The company says that only customer-managed NetScaler appliances are impacted by the zero-days, while Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not affected.

The NetScaler product versions affected by these two zero-day vulnerabilities are:

NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
NetScaler ADC 13.1-FIPS before 13.1-37.176
NetScaler ADC 12.1-FIPS before 12.1-55.302
NetScaler ADC 12.1-NDcPP before 12.1-55.302

For more information, read the Citrix Security Bulletin regarding CVE-2023-6548 and CVE-2023-6549: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
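To turn the fixed-build list above into something you can run across an estate, here is an added example (not code from the original post or from Citrix) that compares the first line of `show ns version` output against the minimum fixed build for each release train. The `show ns version` line format and the `build_type` parameter (`std`, `fips`, `ndcpp`) are assumptions: standard and FIPS/NDcPP builds share the same version string layout, so the caller has to say which kind of appliance it is, and the sample lines below are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Minimum fixed builds per release train, from the affected-version list
# above (Citrix bulletin CTX584986). Keys are (train, build type).
FIXED_BUILDS = {
    ("14.1", "std"):   (12, 35),
    ("13.1", "std"):   (51, 15),
    ("13.0", "std"):   (92, 21),
    ("13.1", "fips"):  (37, 176),
    ("12.1", "fips"):  (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

# Assumed format of the first line of `show ns version`, e.g.
#   "NetScaler NS13.1: Build 51.15.nc, Date: Dec 22 2023, 05:45:35   (64-bit)"
# Adjust the pattern if your appliances print something different.
VERSION_RE = re.compile(r"NS(?P<train>\d+\.\d+):\s*Build\s+(?P<major>\d+)\.(?P<minor>\d+)")


def parse_version(line: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Extract (train, (build_major, build_minor)) from a version line, or None."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    return m.group("train"), (int(m.group("major")), int(m.group("minor")))


def assess(line: str, build_type: str = "std") -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version line.

    'unknown' covers unparsable output and trains/build types that are not in
    the bulletin's fixed list; those appliances need a manual review, not a
    silent pass.
    """
    parsed = parse_version(line)
    if parsed is None:
        return "unknown"
    train, build = parsed
    fixed = FIXED_BUILDS.get((train, build_type))
    if fixed is None:
        return "unknown"
    # Builds within a train are cumulative, so a tuple comparison is enough.
    return "patched" if build >= fixed else "vulnerable"


def assess_inventory(inventory):
    """Assess a list of (hostname, build_type, version_line) tuples.

    Returns a dict of hostname -> status so the result can be fed to a
    ticketing system or asserted on in tests.
    """
    return {host: assess(line, build_type) for host, build_type, line in inventory}


# Constructed sample inventory (hostnames and version lines are made up).
SAMPLE_INVENTORY = [
    ("gw-01", "std",  "NetScaler NS13.1: Build 51.15.nc, Date: Dec 22 2023, 05:45:35   (64-bit)"),
    ("gw-02", "std",  "NetScaler NS13.1: Build 50.23.nc, Date: Nov 10 2023, 11:02:17   (64-bit)"),
    ("gw-03", "fips", "NetScaler NS13.1: Build 37.176.nc, Date: Dec 20 2023, 09:31:44   (64-bit)"),
    ("gw-04", "std",  "NetScaler NS12.1: Build 65.25.nc, Date: Mar 01 2022, 14:00:00   (64-bit)"),
    ("gw-05", "std",  "ERROR: connection refused"),
]

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Two things the sample shows that a quick eyeball of the version list does not: build 37.176 is patched only if the appliance is actually a 13.1-FIPS build (the same string on a standard 13.1 appliance is far behind 51.15 and vulnerable), and any train or build type that is missing from the fixed list, such as a 12.1 non-FIPS appliance, is reported as `unknown` rather than being cleared.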
