Citrix has issued an urgent security advisory about a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that is reportedly being actively exploited in the wild.
Tracked as CVE-2023-3519 (CVSS score: 9.8), the flaw is a code injection vulnerability that can lead to unauthenticated remote code execution. Affected versions include:

NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-49.13
NetScaler ADC and NetScaler Gateway 13.0 prior to 13.0-91.13
NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
NetScaler ADC 13.1-FIPS prior to 13.1-37.159
NetScaler ADC 12.1-FIPS prior to 12.1-55.297
NetScaler ADC 12.1-NDcPP prior to 12.1-55.297

The company did not share specifics of CVE-2023-3519 but confirmed that exploits have been observed on “unmitigated appliances.” Successful exploitation requires the device to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization and accounting (AAA) virtual server.
Alongside CVE-2023-3519, Citrix also fixed two other bugs:

CVE-2023-3466 (CVSS score: 8.3) – An input validation flaw that could result in a reflected cross-site scripting (XSS) attack
CVE-2023-3467 (CVSS score: 8.0) – An improper privilege management vulnerability that could lead to privilege escalation to the root administrator (nsroot)

The bugs were reported by Wouter Rijkbost and Jorren Geurts of Resillion. Patches addressing these vulnerabilities are available in the following versions:

NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

Users of NetScaler ADC and NetScaler Gateway version 12.1 are urged to upgrade their appliances to a currently supported version, since no fix is available for that release.
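As an added example (not Citrix's own tooling), the following script checks an appliance inventory against the fixed builds listed above, taking into account the end-of-life 12.1 train and the advisory's note that exploitation requires a Gateway or AAA virtual server configuration. The release-train names, the `NN.N-NN.NNN` build-string format and the inventory entries are assumptions constructed for illustration.

```python
import re

# First fixed build per release train, as listed in the Citrix advisory above.
# None means no fixed build exists for that train (12.1 is end-of-life).
FIXED_BUILDS = {
    "13.1": "13.1-49.13",
    "13.0": "13.0-91.13",
    "13.1-FIPS": "13.1-37.159",
    "12.1-FIPS": "12.1-55.297",
    "12.1-NDcPP": "12.1-55.297",
    "12.1": None,
}

# Assumed build-string format, e.g. "13.1-48.47" -> major.minor-build.revision
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(build: str) -> tuple:
    """Turn '13.1-49.13' into a comparable tuple (13, 1, 49, 13)."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {build!r}")
    return tuple(int(x) for x in m.groups())


def assess(train: str, build: str, gateway_or_aaa: bool) -> str:
    """Classify one appliance against the CVE-2023-3519 advisory.

    train: release train as the advisory names it, e.g. '13.1' or '12.1-FIPS'.
    build: the running build string, e.g. '13.1-48.47'.
    gateway_or_aaa: True if the box is configured as a Gateway (VPN vserver,
    ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, the precondition
    the advisory gives for exploitation.
    """
    if train not in FIXED_BUILDS:
        raise ValueError(f"unknown release train: {train!r}")
    fixed = FIXED_BUILDS[train]
    if fixed is None:
        return "eol-unpatched"  # no fix on this train; upgrade to a supported one
    if parse_build(build) >= parse_build(fixed):
        return "patched"
    return "vulnerable-exposed" if gateway_or_aaa else "vulnerable-not-exposed"


if __name__ == "__main__":
    # Constructed inventory: (hostname, train, build, gateway/AAA configured)
    inventory = [
        ("ns-edge-01", "13.1", "13.1-48.47", True),
        ("ns-edge-02", "13.1", "13.1-49.13", True),
        ("ns-fips-01", "13.1-FIPS", "13.1-37.150", False),
        ("ns-old-01", "12.1", "12.1-65.39", True),
    ]
    for host, train, build, exposed in inventory:
        print(f"{host}: {assess(train, build, exposed)}")
```

A "vulnerable-not-exposed" result still warrants patching; it only means the exploitation precondition the advisory describes is not currently met.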
This development comes amid active exploitation of security vulnerabilities in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203) and the WooCommerce Payments WordPress plugin (CVE-2023-28121).
Unpatched security flaws in WordPress plugins can lead to complete site compromise, giving threat actors the opportunity to repurpose the compromised WordPress sites for other malicious activity.
Last month, eSentire reported an attack campaign named Nitrogen in which infected WordPress sites were used to host malicious ISO image files that, when opened, led to the deployment of rogue DLL files capable of communicating with a remote server to fetch additional payloads, including Python scripts and Cobalt Strike.