High Threat Security Alert (A23-07-14): Multiple Vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway
19 July 2023
Citrix released a security advisory to address multiple vulnerabilities in Citrix NetScaler ADC and Citrix NetScaler Gateway. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Reports indicate that the remote code execution vulnerability (CVE-2023-3519) is being exploited in the wild. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway 13.1 prior to version 13.1-49.13
Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway 13.0 prior to version 13.0-91.13
Citrix NetScaler Application Delivery Controller (ADC) 13.1-FIPS prior to version 13.1-37.159
Citrix NetScaler Application Delivery Controller (ADC) 12.1-FIPS prior to version 12.1-55.297
Citrix NetScaler Application Delivery Controller (ADC) 12.1-NDcPP prior to version 12.1-55.297
Please note that Citrix NetScaler ADC and Citrix NetScaler Gateway version 12.1 has reached End-Of-Life (EOL). As version 12.1 is vulnerable with no security updates provided, system administrators should arrange to upgrade the NetScaler ADC and NetScaler Gateway to supported versions or migrate to other supported technology.
Depending on the vulnerability being exploited, successful exploitation could lead to remote code execution, privilege escalation or spoofing on an affected system.
Software updates for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
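A check of appliance builds against the fixed versions listed above, as an added example that is not part of the original alert or of Citrix's tooling. It assumes versions are written in the alert's `release-build` form (for example `13.1-49.13`) and that the operator supplies the edition (`standard`, `FIPS` or `NDcPP`); the host names and inventory values are constructed.

```python
import re

# First fixed build per (release, edition), copied from the alert's list.
FIXED = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}
# The alert states that standard 12.1 is End-Of-Life and receives no fix.
EOL = {("12.1", "standard")}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def assess(version, edition="standard"):
    """Return 'vulnerable', 'patched', 'eol' or 'unlisted' for one appliance."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    key = (m.group(1), edition)
    # Compare builds as integer pairs: as text, "9.60" sorts after "49.13".
    build = (int(m.group(2)), int(m.group(3)))
    if key in EOL:
        return "eol"
    if key not in FIXED:
        return "unlisted"  # not covered by this alert; consult the vendor advisory
    return "patched" if build >= FIXED[key] else "vulnerable"


def triage(inventory):
    """Return {host: status} for every appliance that is not 'patched'."""
    results = {host: assess(ver, ed) for host, ver, ed in inventory}
    return {h: s for h, s in results.items() if s != "patched"}


# Constructed inventory (hypothetical hosts and builds) for illustration.
SAMPLE = [
    ("gw-01", "13.1-48.47", "standard"),
    ("gw-02", "13.1-49.13", "standard"),
    ("adc-03", "13.0-9.60", "standard"),
    ("adc-04", "13.1-37.159", "FIPS"),
    ("adc-05", "12.1-65.25", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

The same build number can be patched on one edition and vulnerable on another (`13.1-37.159` is fixed for 13.1-FIPS but is below `13.1-49.13` for standard 13.1), so the edition must come from the inventory rather than be inferred from the version string.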