On July 18, 2023, Citrix published three vulnerabilities: a critical zero-day remote code execution flaw (CVE-2023-3519), a reflected cross-site scripting flaw (CVE-2023-3466), and a privilege escalation flaw (CVE-2023-3467). All three affect Citrix NetScaler ADC (Application Delivery Controller) and NetScaler Gateway.
CVE-2023-3519 allows exploit code to execute remotely, without authentication, on vulnerable target systems that are configured as gateways.
CVE-2023-3466 is a security flaw that allows attackers to execute harmful scripts in a victim's web browser. To exploit it, the victim must click on a link controlled by the attacker while connected to the same network as the NetScaler IP (NSIP).
CVE-2023-3467 is a flaw that enables attackers with limited privileges to gain full administrative control by obtaining authenticated access to NSIP or SNIP with management interface access. This privilege escalation can lead to unauthorized control over the system.
Citrix ADC and Citrix Gateway:
Citrix ADC (Application Delivery Controller) is a tool that ensures applications run smoothly and securely by distributing incoming traffic across servers, optimizing performance, and protecting against cyber threats.
Citrix Gateway (known as NetScaler Gateway) is a secure remote access solution that allows employees to access applications and data from outside the company's network, providing a safe and encrypted connection.
Together, they help organizations deliver applications efficiently while enabling secure remote access for their employees.
The Shodan search engine report below shows Citrix ADC and Gateway users as of July 18, 2023.
Figure 1: Shodan report of Citrix ADC
Affected Products and Versions:
The following Citrix-supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

| CVE ID | Affected Products | Affected Versions |
| --- | --- | --- |
| CVE-2023-3519 Remote Code Execution | Citrix ADC and Citrix Gateway | 13.1 before 13.1-49.13; 13.0 before 13.0-91.13; 13.1-FIPS before 13.1-37.159; 12.1-FIPS before 12.1-55.297; 12.1-NDcPP before 12.55.297 |
| CVE-2023-3466 Reflected XSS | Citrix ADC and Citrix Gateway | 13.1 before 13.1-49.13; 13.0 before 13.0-91.13; 13.1-FIPS before 13.1-37.159; 12.1-FIPS before 12.1-55.297; 12.1-NDcPP before 12.55.297 |
| CVE-2023-3467 Privilege Escalation | Citrix ADC and Citrix Gateway | 13.1 before 13.1-49.13; 13.0 before 13.0-91.13; 13.1-FIPS before 13.1-37.159; 12.1-FIPS before 12.1-55.297; 12.1-NDcPP before 12.55.297 |

Quick Recommendations:
To protect against the identified vulnerabilities in Citrix ADC and Citrix Gateway, follow these essential steps:
- Update Citrix ADC and Citrix Gateway to the latest releases that fix the vulnerabilities.
- If you are using NetScaler ADC and NetScaler Gateway version 12.1, which is no longer supported (End of Life), upgrade to a currently supported version.
By implementing these steps, you can mitigate the risks associated with the vulnerabilities and ensure the security of your Citrix infrastructure.
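
To apply the affected-versions table to an appliance inventory, the following added example (not Citrix code, and not from the original post) classifies each build against the first fixed build for its branch. The function names, the `release-build` input format with a separate edition label, and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed build per (release, edition), from the affected-versions table.
# The page prints the 12.1-NDcPP bound as "12.55.297"; it is read here as
# 12.1-55.297 (assumption).
FIXED_BUILDS = {
    ("13.1", ""): (49, 13),
    ("13.0", ""): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDCPP"): (55, 297),
}

BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def assess(build, edition=""):
    """Return 'affected', 'fixed', 'eol' (12.1 with no listed fix) or
    'unknown' (unparseable, or a release the table does not list)."""
    m = BUILD_RE.match(build.strip())
    if not m:
        return "unknown"
    release, found = m.group(1), (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get((release, edition.upper()))
    if fixed is None:
        # Plain 12.1 is End of Life per the recommendations: upgrade.
        return "eol" if release == "12.1" else "unknown"
    return "affected" if found < fixed else "fixed"

def needs_action(inventory):
    """Map host -> status for every appliance that is not on a fixed build."""
    report = {}
    for host, build, edition in inventory:
        status = assess(build, edition)
        if status != "fixed":
            report[host] = status
    return report

# Constructed inventory: hostnames and builds are sample values.
SAMPLE_INVENTORY = [
    ("adc-edge-01", "13.1-48.47", ""),
    ("adc-edge-02", "13.1-49.13", ""),
    ("gw-fips-01", "12.1-55.296", "FIPS"),
    ("gw-legacy-01", "12.1-65.25", ""),
]

if __name__ == "__main__":
    print(needs_action(SAMPLE_INVENTORY))
```

Hosts reported as `unknown` run a release the table does not cover and should be checked manually against the vendor bulletin.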
Contributed by Manab Jyoti Dowarah