Citrix is warning customers of a critical vulnerability (CVE-2023-3519) in its NetScaler ADC and NetScaler Gateway products. This vulnerability is already being exploited in the wild. The company is strongly urging customers to install updated versions of these products without delay. This security issue may be the same one that was advertised earlier this month on a hacker forum as a zero-day vulnerability.
The two NetScaler products received new versions today to mitigate a set of three vulnerabilities. The most severe of them is tracked as CVE-2023-3519, which has a score of 9.8 out of 10. An attacker can exploit this vulnerability to execute code remotely without authentication. For hackers to leverage this security issue in attacks, the vulnerable appliance must be configured as a gateway or as an authentication virtual server.
Citrix has observed exploits of CVE-2023-3519 on unmitigated appliances. The company strongly advises its customers to switch to an updated version that fixes the issue. Citrix also notes that NetScaler ADC and NetScaler Gateway version 12.1 has reached the end of its life cycle and that customers should upgrade to a newer version of the product.
In the first week of July, a zero-day vulnerability for Citrix ADC was advertised on a hacker forum. The details are scant but seem to point to the Citrix security bulletin issued today. The author of the post said that they had a remote code execution zero-day that allegedly worked for versions of Citrix ADC up to 13.1 build 48.47. Citrix had reportedly learned of a zero-day advertisement on a cybercrime forum and was working on a patch before disclosing the problem.
The updates also include fixes for two other high-severity vulnerabilities, identified as CVE-2023-3466 and CVE-2023-3467. Both of these vulnerabilities can be exploited if a victim loads a link from an attacker in their browser and the vulnerable appliance is reachable from the same network. Citrix lists CVE-2023-3467 as a vulnerability that allows an attacker to elevate privileges to those of a root administrator. This requires authenticated access to the NetScaler appliance's IP address or to a SubNet IP with access to the management interface.
At the time of writing, technical details about all three vulnerabilities are not publicly available. However, organizations with NetScaler ADC and Gateway appliances should prioritize updating them.