Citrix Products Are under Active Hacker Attacks due to Several 0-Day Vulnerabilities

0-day vulnerabilities in Citrix
Citrix is warning users of a number of 0-day and other security vulnerabilities in NetScaler ADC and NetScaler Gateway that, according to the company, are being heavily exploited in the wild (ITW).

One of them, tracked as CVE-2023-3519 (CVSS score 9.8), is a code injection vulnerability that could allow an unauthorized attacker to remotely execute arbitrary commands.

The vulnerability has been fixed in the latest version of the Citrix software, but it still affects the following software versions:

  1. NetScaler ADC and NetScaler Gateway 13.1 to 13.1-49.13;
  2. NetScaler ADC and NetScaler Gateway 13.0 to 13.0-91.13;
  3. NetScaler ADC and NetScaler Gateway version 12.1 (end of support);
  4. NetScaler ADC 13.1-FIPS up to 13.1-37.159;
  5. NetScaler ADC 12.1-FIPS up to 12.1-55.297;
  6. NetScaler ADC 12.1-NDcPP to 12.1-55.297.

The company did not disclose additional details about this vulnerability. However, it is now known for certain that successful exploitation of CVE-2023-3519 requires that the device be configured as a gateway (virtual VPN server, ICA proxy, CVPN, RDP proxy) or as a virtual authorization and accounting server (AAA).
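To check an appliance against that precondition, the saved configuration can be searched for gateway and AAA virtual server definitions. The following is an added example, not code from Citrix or from this article; it assumes the configuration text (normally `/nsconfig/ns.conf`) is available and that these roles appear as `add vpn vserver` and `add authentication vserver` lines. The sample configuration is constructed.

```python
import shlex

# Assumption: gateway roles (VPN, ICA proxy, CVPN, RDP proxy) are defined with
# "add vpn vserver" and AAA with "add authentication vserver" in ns.conf.
ROLES = {"vpn": "gateway", "authentication": "AAA"}

def exposed_vservers(ns_conf_text):
    """List the gateway/AAA virtual servers defined in a saved configuration."""
    found = []
    for raw in ns_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tok = shlex.split(line)   # names with spaces are double-quoted
        except ValueError:
            continue                  # unbalanced quote: not a line we can judge
        if len(tok) < 4 or tok[0].lower() != "add" or tok[2].lower() != "vserver":
            continue
        role = ROLES.get(tok[1].lower())
        if role is None:
            continue                  # lb, cs, ... vservers are out of scope
        rest = tok[4:]
        pos = []
        while rest and not rest[0].startswith("-"):
            pos.append(rest.pop(0))   # positional: protocol, IP, port
        pos += [None] * (3 - len(pos))
        opts = {k.lower(): v for k, v in zip(rest[0::2], rest[1::2])}
        found.append({
            "role": role, "name": tok[3], "protocol": pos[0],
            "ip": pos[1], "port": pos[2],
            "state": opts.get("-state", "ENABLED").upper(),
        })
    return found

def meets_precondition(ns_conf_text):
    """True if any gateway or AAA virtual server is defined (enabled or not)."""
    return bool(exposed_vservers(ns_conf_text))

# Constructed sample configuration (documentation addresses, not a real appliance).
SAMPLE = '''
add ns ip 192.0.2.10 255.255.255.0 -vServer DISABLED
add lb vserver lb_web HTTP 192.0.2.20 80
add vpn vserver "gw external" SSL 192.0.2.30 443 -icaOnly ON
add authentication vserver aaa_vs SSL 0.0.0.0 -state DISABLED
'''

if __name__ == "__main__":
    for vs in exposed_vservers(SAMPLE):
        print(vs)
```

A disabled virtual server is still reported, so the result errs on the side of treating the appliance as in scope for patching.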

Along with CVE-2023-3519, two other bugs were also identified and fixed:

  1. CVE-2023-3466 (CVSS score: 8.3) – an input misvalidation vulnerability leading to a reflected cross-site scripting (XSS) attack.
  2. CVE-2023-3467 (CVSS score: 8.0) – a privilege mismanagement vulnerability leading to privilege escalation to root administrator (nsroot).

NetScaler ADC and NetScaler Gateway version 12.1 customers are encouraged to update their devices to a supported version to mitigate potential threats.

The last few weeks have been quite busy because of zero-day vulnerabilities. Just yesterday, we wrote about the exploitation of critical vulnerabilities in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203), and at the beginning of the month, information security specialists talked about a critical vulnerability in the Ultimate Member plugin for WordPress (CVE-2023-28121).

At times, however, there were even two 0-day vulnerabilities in a single week, such as in Google Chrome.

About the author

Volodymyr Krasnogolovy

I'm a journalist, cybersecurity specialist, content manager, copywriter, and photojournalist. With a deep passion for cybersecurity and a diverse skill set, I'm excited to share my expertise through this blog. From researching the latest threats to crafting engaging narratives and capturing powerful visuals, I strive to provide valuable insights and raise awareness about the importance of cybersecurity.
