Tuesday, November 12, 2024
HomeCVE/vulnerabilityCitrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

Published on

Malware protection

Cisco NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, which were associated with remote code execution and denial of service.

The CVEs for these vulnerabilities were CVE-2023-6548 and CVE-2023-6549, and the severity has been given as 5.5 (Medium) and 8.2 (High).

In addition, these vulnerabilities were added to CISA’s known exploited vulnerabilities catalog, as there were reports of these two vulnerabilities being exploited in the wild by threat actors. CISA urges users to patch these vulnerabilities accordingly.

- Advertisement - SIEM as a Service
Document
Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Vulnerability Analysis

CVE-2023-6548 is related to “Code Injection,” which allows an attacker to perform unauthenticated remote code execution on the Management interface of affected devices. Prerequisites for exploiting this vulnerability include access to NSIP, CLIP, or SNIP with a management interface.

CVE-2023-6549 was associated with denial of service vulnerability that can allow a threat actor to initial a denial of service condition, leading to the unusability of the device. To exploit this vulnerability, the appliance must be configured as a Gateway (VPN virtual server, ICA, Proxy, CVPN, RDP Proxy) or AAA virtual server.

As per reports, there were 1500 “exposed” NetScaler Management interfaces, most located in the United States. In addition, the flaws only affect customer-managed NetScaler appliances and not Citrix-managed cloud services and Adaptive Authentications.

Vulnerable servers (Source: ShadowServer)
Vulnerable servers (Source: ShadowServer)

Affected Products & Fixed in Version

Affected DevicesFixed in version
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15NetScaler ADC and NetScaler Gateway  13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0  
NetScaler ADC 13.1-FIPS before 13.1-37.176NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS  
NetScaler ADC 12.1-FIPS before 12.1-55.302NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS  
NetScaler ADC 12.1-NDcPP before 12.1-55.302NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP 

Furthermore, Citrix also stated that NetScaler ADC and NetScaler Gateway version 12.1 have reached End Of Life (EOL) and are vulnerable. For additional information, Citrix has released a security advisory that provides details about the mitigation, affected versions, and other information.

Users of these devices are advised to upgrade to the latest versions to prevent these vulnerabilities from getting exploited by threat actors.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. available.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...