Urgent Warning Issued for Citrix Zero-Day Exploit: A Rise in Attacks Expected

July 19, 2023

Citrix has recently addressed several vulnerabilities, including a critical zero-day, CVE-2023-3519, that has been leveraged in attacks. The company released patches on Tuesday for three vulnerabilities, one of which is an actively exploited zero-day that could lead to remote code execution. This zero-day, marked as 'critical', impacts Citrix ADC and Gateway products. It is exploitable remotely without authentication, but only against appliances configured as a gateway or AAA virtual server.
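The gateway/AAA precondition can be checked against an exported appliance configuration. The following is an added example, not code from Citrix or from this article: it assumes the configuration is the text of `ns.conf`, that Gateway and AAA virtual servers are defined by `add vpn vserver` and `add authentication vserver` lines, and that a missing `-state` option means the virtual server is enabled. The function names and sample configuration are constructed for illustration.

```python
import shlex

# Assumption: Gateway and AAA roles appear in ns.conf as these two commands.
ROLE_COMMANDS = {
    ("add", "vpn", "vserver"): "gateway",
    ("add", "authentication", "vserver"): "aaa",
}

def find_gateway_aaa_vservers(conf_text):
    """Return one dict per Gateway or AAA virtual server in an ns.conf dump."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        role = ROLE_COMMANDS.get(tuple(w.lower() for w in raw.split()[:3]))
        if role is None:
            continue
        try:
            args = shlex.split(raw)[3:]  # keeps quoted names with spaces whole
        except ValueError:
            args = raw.split()[3:]       # unbalanced quote: fall back to plain split
        # Positional arguments (name, service type, IP, port) precede "-option" pairs.
        split_at = next((i for i, a in enumerate(args) if a.startswith("-")), len(args))
        positional, options = args[:split_at], args[split_at:]
        state = "ENABLED"                # assumed default when -state is absent
        if "-state" in options[:-1]:
            state = options[options.index("-state") + 1].upper()
        findings.append({
            "line": lineno,
            "role": role,
            "name": positional[0] if positional else "",
            "address": positional[2] if len(positional) > 2 else None,
            "port": positional[3] if len(positional) > 3 else None,
            "enabled": state == "ENABLED",
        })
    return findings

def in_scope(conf_text):
    """True when at least one enabled Gateway/AAA virtual server is defined."""
    return any(f["enabled"] for f in find_gateway_aaa_vservers(conf_text))

# Constructed sample, not taken from a real appliance.
SAMPLE_CONF = """\
add ns ip 192.0.2.10 255.255.255.0 -type SNIP
add lb vserver lb_web HTTP 192.0.2.20 80
add vpn vserver "GW External" SSL 192.0.2.30 443 -icaOnly ON
add authentication vserver aaa_vs SSL 192.0.2.31 443 -state DISABLED
"""

if __name__ == "__main__":
    for f in find_gateway_aaa_vservers(SAMPLE_CONF):
        print(f)
    print("gateway/AAA precondition met:", in_scope(SAMPLE_CONF))
```

A disabled virtual server is still reported in the findings because it can be re-enabled later; the result only helps order patching across a fleet and does not replace applying the update.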

Citrix has alerted its customers that attacks targeting CVE-2023-3519 on unmitigated appliances have been observed. Rapid7, a cybersecurity firm, has also cautioned organizations about the likelihood of increased exploitation due to the popularity of the affected products. There are currently no specific details available about the attacks. However, it is known that vulnerabilities in Citrix products have previously been exploited by both profit-driven cybercriminals and state-sponsored threat actors, including those linked to China.

In addition to the zero-day, the new Citrix ADC and Gateway updates also address two high-severity vulnerabilities. One of these, CVE-2023-3466, is a reflected cross-site scripting (XSS) issue that can be exploited by tricking the targeted user into clicking a malicious link. The other vulnerability, CVE-2023-3467, allows an authenticated attacker to escalate their privileges to the level of a root administrator.

Patches for these security issues have been included in the latest versions of NetScaler ADC and Gateway, as well as NetScaler ADC 13.1-FIPS, 12.1-FIPS, and ADC 12.1-NDcPP. The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert about these Citrix vulnerabilities, particularly warning organizations about the zero-day.
