Citrix Vulnerability Found in Citrix ADC and Citrix Gateway
A new vulnerability has been discovered in Citrix ADC (Application Delivery Controller) and Citrix Gateway that allows the remote execution of...
24/7/365 Monitoring & Alerting
Compromise Assessments
Threat Hunting
Vulnerability Management
CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support
If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.
Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.
At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.
On July 18th, 2023, Citrix issued an alert to customers regarding a critical vulnerability (CVE-2023-3519) in its NetScaler ADC and NetScaler Gateway products. The security flaw, rated 9.8 out of 10 in severity, allows attackers to execute code remotely without authentication. Exploits for this vulnerability have been observed in the wild, prompting Citrix to strongly urge users to install the latest updates immediately. Additionally, Citrix fixed two other high-severity vulnerabilities (CVE-2023-3466 and CVE-2023-3467) that involve cross-site scripting and privilege escalation. Customers are advised to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway to mitigate the risks posed by these vulnerabilities. As of the advisory date, there is no current technical write-up or proof of concept available for this vulnerability, but it is crucial for organizations to prioritize updates and implement necessary security measures proactively.
This advisory specifically applies to the following Citrix products:
The following versions are affected by the vulnerabilities:
There are three types of vulnerabilities for the affected software/systems.
The security bulletin from Citrix has noted active instances of threat actors exploiting the most severe vulnerability, CVE-2023-3519, “in the wild” in real-world incidents. It is likely that the other two vulnerabilities could be leveraged in conjunction with the first, following the initial breach by the threat actors.
CVE-2023-3466
• CVSSv3 score: 8.3
• Severity: High
CVE-2023-3467
• CVSSv3 score: 8
• Severity: High
CVE-2023-3519
• CVSSv3 score: 9.8
• Severity: Critical
On July 18th, 2023, Citrix issued an alert to customers regarding a critical vulnerability (CVE-2023-3519) in its NetScaler ADC and NetScaler Gateway products. The security flaw, rated 9.8 out of 10 in severity, allows attackers to execute code remotely without authentication. Exploits for this vulnerability have been observed in the wild, prompting Citrix to strongly urge users to install the latest updates immediately. Additionally, Citrix fixed two other high-severity vulnerabilities (CVE-2023-3466 and CVE-2023-3467) that involve cross-site scripting and privilege escalation. Customers are advised to upgrade to the latest versions of NetScaler ADC and NetScaler Gateway to mitigate the risks posed by these vulnerabilities. As of the advisory date, there is no current technical write-up or proof of concept available for this vulnerability, but it is crucial for organizations to prioritize updates and implement necessary security measures proactively.
The identified vulnerabilities in the affected software pose significant risks to organizations. CVE-2023-3466, a Cross-Site Scripting (XSS) flaw, can lead to unauthorized data access and manipulation if victims interact with malicious links. CVE-2023-3467, a Privilege Escalation vulnerability, allows attackers with authenticated access to gain root administrator privileges, potentially leading to unauthorized access to critical resources. The most severe of the vulnerabilities, CVE-2023-3519, enables unauthenticated remote code execution, compromising the targeted system completely. Once a system is compromised, there is a high risk of corrupting or ransoming the organization's infrastructure backups, along with the possibility of lateral movement by the threat actor.
Immediately patch and install the latest updates of the affected systems and software. The updated versions of the software are as follows:
• NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
• NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
• NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
• NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
• NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
.
The Ingalls CTI team is actively engaged in hunting for any of the known indications of compromise at this time and will continue to closely monitor and develop additional detections as they become available. Please notify your assigned Primary Analyst if you suspect that your organization may be breached or require additional threat hunting and analysis.
Implement the above mitigation actions on every affected Citrix appliance in your environment and roll out the latest patches as soon as possible.
A new vulnerability has been discovered in Citrix ADC (Application Delivery Controller) and Citrix Gateway that allows the remote execution of...
It's important that organizations deploy last week's "Patch Tuesday" patches as soon as possible. These patches include several critical, high, and...
It's important that organizations deploy last week's "Patch Tuesday" patches as soon as possible. These patches include several critical, high, and...