
Citrix ADC and Citrix Gateway Vulnerabilities: (CVE-2023-3466, CVE-2023-3467, CVE-2023-3519)

On July 18th, 2023, Citrix issued an alert to customers regarding a critical vulnerability (CVE-2023-3519) in its NetScaler ADC and NetScaler Gateway products. The security flaw, rated 9.8 out of 10 in severity, allows attackers to execute code remotely without authentication. Exploits for this vulnerability have been observed in the wild, prompting Citrix to strongly urge users to install the latest updates immediately. Additionally, Citrix fixed two other high-severity vulnerabilities (CVE-2023-3466 and CVE-2023-3467) that involve cross-site scripting and privilege escalation. Customers are advised to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway to mitigate the risks posed by these vulnerabilities. As of the advisory date, there is no current technical write-up or proof of concept available for this vulnerability, but it is crucial for organizations to prioritize updates and implement necessary security measures proactively.

Security Advisory Notice:
Citrix ADC and Citrix Gateway Vulnerabilities: (CVE-2023-3466, CVE-2023-3467, CVE-2023-3519)


Affected Software / System

This advisory specifically applies to the following Citrix products:

  • Citrix ADC (also known as NetScaler ADC)
  • Citrix Gateway (also known as NetScaler Gateway)

The following versions are affected by the vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297



CVE (if applicable)

  • CVE-2023-3466
  • CVE-2023-3467
  • CVE-2023-3519


Type

There are three types of vulnerabilities for the affected software/systems.

  1. CVE-2023-3519 is a CVSSv3 9.8 Critical Severity unauthenticated remote code execution vulnerability. This vulnerability requires that any appliance running the affected software be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
  2. CVE-2023-3466 is a CVSSv3 8.3 High Severity Cross-Site Scripting (XSS) vulnerability. This vulnerability requires the victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP.
  3. CVE-2023-3467 is a CVSSv3 8.0 High Severity Privilege Escalation vulnerability. This vulnerability requires authenticated access to NSIP or SNIP with management interface access.

 

Exploit Status: 

The Citrix security bulletin notes that threat actors are actively exploiting the most severe vulnerability, CVE-2023-3519, in the wild. It is likely that the other two vulnerabilities could be leveraged in conjunction with the first, following the initial breach by the threat actors.


Rating

CVE-2023-3466
• CVSSv3 score: 8.3
• Severity: High

CVE-2023-3467
• CVSSv3 score: 8.0
• Severity: High

CVE-2023-3519
• CVSSv3 score: 9.8
• Severity: Critical


 


 

Impact

The identified vulnerabilities in the affected software pose significant risks to organizations. CVE-2023-3466, a Cross-Site Scripting (XSS) flaw, can lead to unauthorized data access and manipulation if victims interact with malicious links. CVE-2023-3467, a Privilege Escalation vulnerability, allows attackers with authenticated access to gain root administrator privileges, potentially leading to unauthorized access to critical resources. The most severe of the vulnerabilities, CVE-2023-3519, enables unauthenticated remote code execution, compromising the targeted system completely. Once a system is compromised, there is a high risk of corrupting or ransoming the organization's infrastructure backups, along with the possibility of lateral movement by the threat actor.


Mitigations

Immediately patch and install the latest updates of the affected systems and software. The updated versions of the software are as follows:
• NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
• NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0  
• NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS  
• NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS  
• NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
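
The check below is an added example, not code from Citrix or from the original advisory: it compares appliance version strings against the fixed builds listed above and applies the Gateway/AAA precondition for CVE-2023-3519 from the Type section. The function names, the inventory entries, and the "NS13.1: Build 48.47.nc" banner format are assumptions made for illustration.

```python
import re

# First fixed build per (branch, edition), taken from the Mitigations list above.
FIXED = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}
# Accepts "13.1-48.47" or the assumed banner form "NS13.1: Build 48.47.nc".
_VERSION = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")

def parse_build(text):
    """Return (branch, (major_build, minor_build)) with the build as integers."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def assess(version, edition="standard", gateway_or_aaa=False):
    """Classify one appliance against the advisory's fixed-build table."""
    branch, build = parse_build(version)
    fixed = FIXED.get((branch, edition))
    if fixed is None:
        # Branch/edition is not in this advisory's table: needs manual review.
        return {"status": "unknown", "cves": []}
    # Integer tuple comparison, so build 9.60 sorts below 49.13 (a string compare would not).
    if build >= fixed:
        return {"status": "patched", "cves": []}
    cves = ["CVE-2023-3466", "CVE-2023-3467"]
    if gateway_or_aaa:
        # CVE-2023-3519 applies only when configured as a Gateway or AAA virtual server.
        cves.append("CVE-2023-3519")
    return {"status": "vulnerable", "cves": cves,
            "fixed_in": f"{branch}-{fixed[0]}.{fixed[1]}"}

# Constructed inventory for illustration; not real appliances.
INVENTORY = [
    ("vpn-edge-01", "NS13.1: Build 48.47.nc", "standard", True),
    ("lb-internal-02", "13.0-91.13", "standard", False),
    ("fips-dmz-03", "12.1-55.296", "FIPS", True),
]

if __name__ == "__main__":
    for name, version, edition, exposed in INVENTORY:
        print(name, assess(version, edition, exposed))
```

A result of "unknown" means the branch or edition is outside the table in this advisory and should be checked against the vendor bulletin directly.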

 

Ingalls MDR Clients Protections:

The Ingalls CTI team is actively engaged in hunting for any of the known indications of compromise at this time and will continue to closely monitor and develop additional detections as they become available. Please notify your assigned Primary Analyst if you suspect that your organization may be breached or require additional threat hunting and analysis.

Ingalls Recommends the Following Actions:

Implement the above mitigation actions on every affected Citrix appliance in your environment and roll out the latest patches as soon as possible.

 
 