A new critical severity vulnerability (CVE-2023-3519) in the NetScaler ADC and NetScaler Gateway is being exploited in the wild. CVE-2023-3519 may allow an unauthenticated attacker to perform remote code execution on the target system.
The advisory addressed two more vulnerabilities:
- CVE-2023-3466
- CVE-2023-3467
Wouter Rijkbost and Jorren Geurts of Resillion have discovered the vulnerabilities addressed in the advisory.
The advisory states that the vulnerabilities do not affect customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication. The vulnerabilities only affect the customer-managed NetScaler ADC and NetScaler Gateway.
CISA has added CVE-2023-3519 to its Known Exploited Vulnerabilities Catalog requesting users to patch before August 9.
Citrix ADC is an application delivery solution for both on-premises and the cloud. Application delivery controllers (ADCs) are networking devices explicitly designed to enhance the performance, security, and resilience of the delivery of applications.
Citrix Gateway unifies remote access infrastructure to offer single sign-on for all applications, whether hosted in a data center, the cloud, or provided as SaaS.
CVE-2023-3519: Unauthenticated Remote Code Execution Vulnerability
The prerequisites to exploit this vulnerability are that the appliance must be configured as a:
- Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)
OR
- AAA virtual server
CVE-2023-3466: Reflected Cross-Site Scripting (XSS) Vulnerability
Exploiting this vulnerability requires the victim to access an attacker-controlled link in the browser while on a network with connectivity to the NSIP.
Successful exploitation of the vulnerability will allow an attacker to execute arbitrary JavaScript on the victim’s browser.
CVE-2023-3467: Privilege Escalation Vulnerability
Authenticated access to NSIP or SNIP with management interface access is required to exploit the vulnerability.
Successful exploitation of the vulnerability will allow an attacker to escalate privileges to root administrator (nsroot).
Affected versions
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-55.297
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
Mitigation
Customers are advised to upgrade to the following versions to mitigate the vulnerabilities:
- NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
- NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Customers should upgrade their appliances to one supported version that addresses the vulnerabilities. Please refer to the Citrix Security Bulletin (CTX561482) for more information.
Qualys Detection
Qualys customers can scan their devices with QIDs 378674 and 378681 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.