Saturday, June 15, 2024

Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

Cisco NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, which were associated with remote code execution and denial of service.

The CVEs for these vulnerabilities were CVE-2023-6548 and CVE-2023-6549, and the severity has been given as 5.5 (Medium) and 8.2 (High).

In addition, these vulnerabilities were added to CISA’s known exploited vulnerabilities catalog, as there were reports of these two vulnerabilities being exploited in the wild by threat actors. CISA urges users to patch these vulnerabilities accordingly.

Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Vulnerability Analysis

CVE-2023-6548 is related to “Code Injection,” which allows an attacker to perform unauthenticated remote code execution on the Management interface of affected devices. Prerequisites for exploiting this vulnerability include access to NSIP, CLIP, or SNIP with a management interface.

CVE-2023-6549 was associated with denial of service vulnerability that can allow a threat actor to initial a denial of service condition, leading to the unusability of the device. To exploit this vulnerability, the appliance must be configured as a Gateway (VPN virtual server, ICA, Proxy, CVPN, RDP Proxy) or AAA virtual server.

As per reports, there were 1500 “exposed” NetScaler Management interfaces, most located in the United States. In addition, the flaws only affect customer-managed NetScaler appliances and not Citrix-managed cloud services and Adaptive Authentications.

Vulnerable servers (Source: ShadowServer)
Vulnerable servers (Source: ShadowServer)

Affected Products & Fixed in Version

Affected DevicesFixed in version
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15NetScaler ADC and NetScaler Gateway  13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0  
NetScaler ADC 13.1-FIPS before 13.1-37.176NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS  
NetScaler ADC 12.1-FIPS before 12.1-55.302NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS  
NetScaler ADC 12.1-NDcPP before 12.1-55.302NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP 

Furthermore, Citrix also stated that NetScaler ADC and NetScaler Gateway version 12.1 have reached End Of Life (EOL) and are vulnerable. For additional information, Citrix has released a security advisory that provides details about the mitigation, affected versions, and other information.

Users of these devices are advised to upgrade to the latest versions to prevent these vulnerabilities from getting exploited by threat actors.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. available.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles