Citrix has released an urgent patch for two zero-day vulnerabilities, CVE-2023-6548 and CVE-2023-6549, in its NetScaler ADC and NetScaler Gateway products [1] [2] [3] [4] [5] [7] [9]. Both are being exploited in the wild, and affected customers are urged to update immediately.

Description

CVE-2023-6548 is an authenticated remote code execution flaw in the management interface: an attacker who already holds low-privileged credentials and can reach the appliance's NSIP, CLIP, or a SNIP with management access enabled can execute code on the device [3] [7] [8]. Because of that access requirement it carries only a medium severity rating, with a CVSSv3 score of 5.5. Beyond patching, Citrix recommends separating traffic to the management interface, physically or logically, from normal network traffic, and not exposing the management interface to the internet [3] [7] [8].

CVE-2023-6549, by contrast, is a high-severity denial-of-service flaw with a CVSSv3 score of 8.2. Exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server [2]. Both vulnerabilities affect only customer-managed NetScaler appliances [2] [7]; Citrix-managed cloud services and Citrix Adaptive Authentication are unaffected [2] [7]. At the time of disclosure roughly 1,500 NetScaler appliances exposed their management interface to the internet, most of them in the US [2].

Citrix advises affected customers to install the security updates promptly. The affected products are NetScaler ADC and NetScaler Gateway 14.1, 13.1 and 13.0, and NetScaler ADC 13.1-FIPS, 12.1-FIPS and 12.1-NDcPP [8]. Per Citrix's security bulletin, the fixed builds are 14.1-12.35, 13.1-51.15 and 13.0-92.21 for the standard releases, 13.1-37.176 for 13.1-FIPS, and 12.1-55.302 for both 12.1-FIPS and 12.1-NDcPP; the standard (non-FIPS) 12.1 release is end of life, receives no fix, and must be upgraded to a supported release. Citrix has observed a limited number of exploits in the wild [8], and while the impact of these flaws is not expected to match that of previous NetScaler vulnerabilities [8], organizations running these appliances should patch without delay [8] [9].
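Deciding whether a given appliance is affected means comparing the build shown by `show ns version` against the fixed build for its release and variant, which the version string alone does not reveal (13.1-FIPS and 13.1 standard both report "NS13.1" but on different build trains). The following checker is an added example written for this page, not a Citrix tool; the fixed-build table is taken from Citrix's bulletin for these CVEs, the sample version strings are constructed, and the `variant` argument is an assumption the operator must supply from their own inventory.

```python
"""Classify NetScaler ADC / Gateway builds against the CVE-2023-6548 /
CVE-2023-6549 fixed builds.  Example code for this page, not a Citrix tool."""
from __future__ import annotations

import re
from typing import NamedTuple, Optional, Tuple

# Fixed builds from Citrix's security bulletin, keyed by (release, variant).
# A build strictly lower than the listed one is vulnerable.  Releases and
# variants absent from this table have no fix (e.g. standard 12.1 is EOL).
FIXED_BUILDS = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

# Release and build fields of `show ns version` output, e.g.
# "NetScaler NS13.1: Build 50.23.nc, Date: Nov 17 2023, 09:03:41 (64-bit)".
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


class Verdict(NamedTuple):
    release: str
    build: Tuple[int, int]
    vulnerable: bool
    reason: str


def parse_version(show_ns_version: str) -> Tuple[str, Tuple[int, int]]:
    """Return (release, (major_build, minor_build)) from `show ns version` text."""
    match = VERSION_RE.search(show_ns_version)
    if not match:
        raise ValueError(f"no NetScaler version found in: {show_ns_version!r}")
    release, major, minor = match.groups()
    return release, (int(major), int(minor))


def fmt_build(release: str, build: Tuple[int, int]) -> str:
    return f"{release}-{build[0]}.{build[1]}"


def assess(show_ns_version: str, variant: str = "standard") -> Verdict:
    """Compare an appliance's build with the fixed build for its release/variant.

    `variant` is "standard", "fips" or "ndcpp"; it cannot be inferred from the
    version string and must come from the operator's own records (assumption)."""
    release, build = parse_version(show_ns_version)
    fixed: Optional[Tuple[int, int]] = FIXED_BUILDS.get((release, variant))
    if fixed is None:
        # No fixed build exists: EOL release (standard 12.1 and older) or a
        # release/variant pairing Citrix does not ship.  Treat as vulnerable.
        return Verdict(release, build, True,
                       f"no fixed build for {release} ({variant}); upgrade to a supported release")
    if build < fixed:  # tuple comparison: (50, 23) < (51, 15)
        return Verdict(release, build, True,
                       f"{fmt_build(release, build)} is below fixed build {fmt_build(release, fixed)}")
    return Verdict(release, build, False,
                   f"{fmt_build(release, build)} is at or above fixed build {fmt_build(release, fixed)}")


if __name__ == "__main__":
    # Constructed sample inventory: (show ns version output, variant).
    inventory = [
        ("NetScaler NS13.1: Build 50.23.nc, Date: Nov 17 2023, 09:03:41   (64-bit)", "standard"),
        ("NetScaler NS13.1: Build 51.15.nc, Date: Jan 10 2024, 12:00:00   (64-bit)", "standard"),
        ("NetScaler NS14.1: Build 8.50.nc, Date: Oct 27 2023, 10:21:02   (64-bit)", "standard"),
        ("NetScaler NS12.1: Build 55.297.nc, Date: Dec 1 2023, 08:00:00   (64-bit)", "fips"),
        ("NetScaler NS12.1: Build 65.39.nc, Date: Nov 3 2023, 08:00:00   (64-bit)", "standard"),
    ]
    for text, variant in inventory:
        v = assess(text, variant)
        print(f"{'VULNERABLE' if v.vulnerable else 'patched   '}  {v.reason}")
```

Feed it the `show ns version` line from each appliance (over SSH or from a configuration backup) together with the variant from your asset records; a build that is missing from the table is reported as vulnerable rather than silently skipped, so an unexpected release shows up in the output instead of being overlooked.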

Conclusion

Citrix customers running internet-exposed NetScaler ADC and NetScaler Gateway appliances should patch CVE-2023-6548 and CVE-2023-6549 now [6]: the first can be exploited for remote code execution by a low-privileged user with access to the management interface, the second for denial of service against Gateway and AAA virtual servers [2] [6] [7]. CISA has directed federal agencies to remediate both within set timeframes [6]. Until the update is installed, keeping the management interface off the internet and on a segregated network limits exposure to CVE-2023-6548; the denial-of-service flaw is addressed by updating.

References

[1] https://www.cisa.gov/news-events/alerts/2024/01/18/citrix-releases-security-updates-netscaler-adc-and-netscaler-gateway
[2] https://fieldeffect.com/blog/active-exploitation-citrix-zero-days
[3] https://www.darkreading.com/vulnerabilities-threats/citrix-discovers-two-vulnerabilities-both-exploited-in-the-wild
[4] https://www.hivepro.com/threat-advisory/citrix-warns-of-critical-netscaler-flaws-actively-exploited-in-attacks-urges-immediate-patching/
[5] https://digital.nhs.uk/cyber-alerts/2024/cc-4439
[6] https://vulnera.com/newswire/cisa-mandates-federal-agencies-to-address-citrix-and-google-chrome-zero-days-within-set-timeframes/
[7] https://www.csoonline.com/article/1291514/citrix-netscaler-devices-face-active-zero-day-exploitations.html
[8] https://duo.com/decipher/citrix-discloses-netscaler-adc-and-gateway-zero-days
[9] https://www.techtarget.com/searchsecurity/news/366566508/New-zero-days-in-Citrix-NetScaler-ADC-Gateway-under-attack