Citrix has released an urgent patch for two zero-day vulnerabilities [2], CVE-2023-6548 and CVE-2023-6549 [1] [2] [3] [4] [5] [7] [9], found in its NetScaler ADC and NetScaler Gateway products [4] [5]. These vulnerabilities are being actively exploited and pose a significant risk.

CVE-2023-6548 allows an attacker with low-privileged access to the management interface of an affected device to execute code remotely. It has a medium severity rating with a CVSSv3 score of 5.5. To mitigate this vulnerability, Citrix recommends segregating network traffic to the management interface and not exposing it to the internet [3] [7] [8].

On the other hand, CVE-2023-6549 is a high-severity denial-of-service vulnerability with a CVSSv3 score of 8.2. It requires the appliances to be configured as a Gateway or AAA virtual server [2]. These vulnerabilities only impact customer-managed NetScaler appliances [2] [7], with approximately 1,500 exposed online [2], mostly in the US [2]. Citrix-managed cloud services and Adaptive Authentication are unaffected [2] [7].

Citrix advises affected customers to install the necessary security updates promptly. The impacted versions include NetScaler ADC and NetScaler Gateway 14.1, 13.1, 13.0, 13.1-FIPS, 12.1-FIPS [8], and 12.1-NDcPP [8]. While the impact of these vulnerabilities is not expected to be as significant as that of previous ones [8], organizations running these appliances should apply the patches without delay [8] [9]. Citrix has observed a limited number of exploits in the wild and is urging affected customers to update [8].

In conclusion, Citrix customers running Internet-exposed NetScaler ADC and Gateway appliances should patch against CVE-2023-6548 and CVE-2023-6549 [6]. These vulnerabilities can be exploited for remote code execution and denial-of-service attacks [2] [6] [7], so affected customers should apply the security updates as soon as possible to mitigate the risk.