Critical Citrix ADC & Citrix Gateway Vulnerabilities CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
Critical Citrix ADC & Citrix Gateway vulnerabilities CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
The manufacturer Citrix informed about critical vulnerabilities on 18 July. In particular, CVE-2023-3519 should be patched as soon as possible, as it was given a CVSS of 9.8.
The vulnerabilities relate to NetScaler ADC (formerly Citrix ADC) and also NetScaler Gateway (formerly Citrix Gateway). The following supported versions are affected:
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
NetScaler ADC 13.1-FIPS before 13.1-37.159
NetScaler ADC 12.1-FIPS before 12.1-55.297
NetScaler ADC 12.1-NDcPP before 12.1-55.297
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
What are the risks of exploiting the vulnerabilities?
CVE ID | Description | Prerequisite | CVSS |
CVE-2023-3466 | Reflected Cross-Site Scripting (XSS) | The victim must access a link in the browser controlled by the attacker, while on a network connected to the NSIP. | 8.3 |
CVE-2023-3467 | Privilege Escalation to root administrator (nsroot) | Authenticated access to NSIP or SNIP with access to the management interface | 8.0 |
CVE-20233519 | Unauthenticated remote code execution | The appliance must be configured as Gateway (virtual VPN server, ICA proxy, CVPN, RDP proxy) OR Virtual AAA server | 9.8 |
What should you do now?
It is imperative that you apply all recommended patches at short notice. The manufacturer specifies the following versioning:
NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
In addition, we recommend checking whether the vulnerability has already been exploited. In other words, check log files, take a close look at the reports from the early detection technologies and carry out analyses if necessary.
We are happy to answer any questions you may have.
