Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

Cisco NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, which were associated with remote code execution and denial of service.

The CVEs for these vulnerabilities were CVE-2023-6548 and CVE-2023-6549, and the severity has been given as 5.5 (Medium) and 8.2 (High).

In addition, these vulnerabilities were added to CISA’s known exploited vulnerabilities catalog, as there were reports of these two vulnerabilities being exploited in the wild by threat actors. CISA urges users to patch these vulnerabilities accordingly.

Document
Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

Vulnerability Analysis

CVE-2023-6548 is related to “Code Injection,” which allows an attacker to perform unauthenticated remote code execution on the Management interface of affected devices. Prerequisites for exploiting this vulnerability include access to NSIP, CLIP, or SNIP with a management interface.

CVE-2023-6549 was associated with denial of service vulnerability that can allow a threat actor to initial a denial of service condition, leading to the unusability of the device. To exploit this vulnerability, the appliance must be configured as a Gateway (VPN virtual server, ICA, Proxy, CVPN, RDP Proxy) or AAA virtual server.

As per reports, there were 1500 “exposed” NetScaler Management interfaces, most located in the United States. In addition, the flaws only affect customer-managed NetScaler appliances and not Citrix-managed cloud services and Adaptive Authentications.

Vulnerable servers (Source: ShadowServer)

Affected Products & Fixed in Version

Affected DevicesFixed in version
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15NetScaler ADC and NetScaler Gateway  13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.176NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.302NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.302NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP

Furthermore, Citrix also stated that NetScaler ADC and NetScaler Gateway version 12.1 have reached End Of Life (EOL) and are vulnerable. For additional information, Citrix has released a security advisory that provides details about the mitigation, affected versions, and other information.

Users of these devices are advised to upgrade to the latest versions to prevent these vulnerabilities from getting exploited by threat actors.

Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. available.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

The Rise of AI-Generated Professional Headshots

It’s clear that a person’s reputation is increasingly influenced by their online presence, which spans…

14 hours ago

Hackers Abuse Google Ads To Attacking Graphic Design Professionals

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as…

17 hours ago

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel…

17 hours ago

Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source…

17 hours ago

Hackers Weaponizing Microsoft Teams to Gain Remote Access

Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to…

18 hours ago

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second,…

3 days ago