Friday, April 4, 2025
HomeCVE/vulnerabilityCitrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

Published on

SIEM as a Service

Follow Us on Google News

Cisco NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, which were associated with remote code execution and denial of service.

The CVEs for these vulnerabilities were CVE-2023-6548 and CVE-2023-6549, and the severity has been given as 5.5 (Medium) and 8.2 (High).

In addition, these vulnerabilities were added to CISA’s known exploited vulnerabilities catalog, as there were reports of these two vulnerabilities being exploited in the wild by threat actors. CISA urges users to patch these vulnerabilities accordingly.

Document
Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Vulnerability Analysis

CVE-2023-6548 is related to “Code Injection,” which allows an attacker to perform unauthenticated remote code execution on the Management interface of affected devices. Prerequisites for exploiting this vulnerability include access to NSIP, CLIP, or SNIP with a management interface.

CVE-2023-6549 was associated with denial of service vulnerability that can allow a threat actor to initial a denial of service condition, leading to the unusability of the device. To exploit this vulnerability, the appliance must be configured as a Gateway (VPN virtual server, ICA, Proxy, CVPN, RDP Proxy) or AAA virtual server.

As per reports, there were 1500 “exposed” NetScaler Management interfaces, most located in the United States. In addition, the flaws only affect customer-managed NetScaler appliances and not Citrix-managed cloud services and Adaptive Authentications.

Vulnerable servers (Source: ShadowServer)
Vulnerable servers (Source: ShadowServer)

Affected Products & Fixed in Version

Affected DevicesFixed in version
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15NetScaler ADC and NetScaler Gateway  13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0  
NetScaler ADC 13.1-FIPS before 13.1-37.176NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS  
NetScaler ADC 12.1-FIPS before 12.1-55.302NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS  
NetScaler ADC 12.1-NDcPP before 12.1-55.302NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP 

Furthermore, Citrix also stated that NetScaler ADC and NetScaler Gateway version 12.1 have reached End Of Life (EOL) and are vulnerable. For additional information, Citrix has released a security advisory that provides details about the mitigation, affected versions, and other information.

Users of these devices are advised to upgrade to the latest versions to prevent these vulnerabilities from getting exploited by threat actors.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. available.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

A critical security flaw has been discovered in Halo ITSM, an IT support management software...

Australian Pension Funds Hacked: Members Face Financial Losses

Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading...

Frida Penetration Testing Toolkit Updated with Advanced Threat Monitoring APIs

In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced...

OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code

OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

A critical security flaw has been discovered in Halo ITSM, an IT support management software...

Australian Pension Funds Hacked: Members Face Financial Losses

Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading...

Frida Penetration Testing Toolkit Updated with Advanced Threat Monitoring APIs

In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced...