Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







[CVSS 8+] Zero-Days Hit Citrix Netscaler Again

Executive Summary

Citrix has issued an urgent advisory to address two actively exploited zero-day vulnerabilities affecting Netscaler ADC and Gateway appliances. Immediate action is crucial for administrators to mitigate these significant security risks.

About the Zero-Day Vulnerabilities
CVE-2023-6548

CVE-2023-6548, with a CVSS score of 5.5, is a remote code execution vulnerability affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). As a pre-requisite, attackers require access to NSIP, CLIP, or SNIP with management interface access.


CVE-2023-6549

CVE-2023-6549, with a CVSS score of 8.2, represents a denial-of-service (DoS) vulnerability in NetScaler ADC and Gateway appliances. Attackers can exploit it when the appliance is configured as a VPN, ICA Proxy, CVPN, RDP Proxy, or as an AAA virtual server.


Citrix has confirmed that only customer-managed NetScaler appliances are vulnerable to these zero-days. In other words, Citrix-managed cloud services and Citrix-managed Adaptive Authentication remain unaffected by these vulnerabilities.

Recommendations from Citrix

Citrix has released a security advisory, urgently advising administrators to promptly patch their Netscaler appliances against these zero-days. Exploits for these vulnerabilities have been observed, necessitating immediate action.

Citrix advises administrators who are unable to apply the updates immediately to take mitigating actions. These include:

  • Separating the appliance’s management interface from regular network traffic to minimise the risk of exploitation.
  • Blocking network traffic to affected instances and ensuring they are not exposed online.
Exploited Netscaler Vulnerabilities

Previously, Citrix patched a critical Netscaler flaw known as CVE-2023-4966, or Citrix Bleed, in October. Threat groups have been exploiting this vulnerability, which has a CVSS score of 9.4, since August. Consequently, they have compromised government organisations and prominent tech companies worldwide. Accordingly, CISA has released guidance to address this critical vulnerability that has been widely exploited.

Also, the UK’s National Cyber Security Centre (NCSC) highlighted another exploited Citrix vulnerability in its Annual Review for 2023. This flaw, CVE-2023-3519, has a CVSS score of 9.8.

Therefore, please remain vigilant and promptly take the necessary steps to protect your Citrix Netscaler appliances from exploits.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.