Citrix warns of NetScaler vulnerabilities being exploited by attackers

Citrix has warned its customers to promptly patch NetScaler ADC and Gateway appliances against two zero-day vulnerabilities that are being actively exploited. The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, can lead to remote code execution and denial-of-service attacks on unpatched NetScaler instances. To execute code, attackers need to be logged in to a low-privileged account on the target instance and have access to the NSIP, CLIP, or SNIP. Devices configured as gateways are vulnerable to DoS attacks.

Affected product versions include NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35, NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15, NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21, NetScaler ADC 13.1-FIPS before 13.1-37.176, NetScaler ADC 12.1-FIPS before 12.1-55.302, and NetScaler ADC 12.1-NDcPP before 12.1-55.302. According to Shadowserver, there are over 1,500 exposed NetScaler management interfaces online.
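To triage an appliance inventory against the fixed builds listed above, the comparison can be scripted. This is an added example, not code from Citrix or the source article; the hostnames, the edition labels, and the two accepted version-string layouts are assumptions.

```python
import re

# First fixed build per (release, edition), taken from the paragraph above.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}
# The article describes 12.1 (outside the FIPS/NDcPP editions) as end-of-life.
END_OF_LIFE = {("12.1", "standard")}

# Accepts "13.1-49.15" and banner-style "NS13.1: Build 49.15.nc".
# Both layouts are assumptions about how an inventory records versions.
VERSION_RE = re.compile(r"(\d+\.\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text):
    """Return (release, (major_build, minor_build)) with builds as integers."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def triage(text, edition="standard"):
    """Classify one appliance as vulnerable, patched, end-of-life or unknown."""
    release, build = parse_version(text)
    key = (release, edition.lower())
    if key in END_OF_LIFE:
        return "end-of-life"
    if key not in FIXED:
        return "unknown"
    # Integer tuples, so 92.9 sorts before 92.21 (a string compare would not).
    return "vulnerable" if build < FIXED[key] else "patched"


def report(inventory):
    return {host: triage(version, edition) for host, version, edition in inventory}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("adc-01.example", "NS13.1: Build 49.15.nc", "standard"),
    ("adc-02.example", "14.1-12.35", "standard"),
    ("adc-03.example", "13.0-92.9", "standard"),
    ("adc-04.example", "12.1-55.300", "ndcpp"),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

The edition has to be supplied from the inventory because the same release number (for example 13.1) has different fixed builds for the standard and FIPS editions.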

Citrix emphasized the importance of patching NetScaler devices immediately to prevent potential attacks. It recommended that all affected customers install the relevant updates as soon as possible and advised upgrading from the end-of-life software version 12.1. Administrators unable to deploy updates should block network traffic to affected instances and secure the management interface. The company also suggested separating the management interface from normal network traffic to reduce the risk of exploitation.

In addition to the two zero-day vulnerabilities, another critical flaw, CVE-2023-4966, dubbed Citrix Bleed, was patched in October. This vulnerability had been exploited as a zero-day since August by threat groups targeting government organizations and technology companies like Boeing. The Healthcare Cybersecurity Coordination Center issued a sector alert advising healthcare organizations to protect their NetScaler instances against ransomware attacks.

It is crucial for organizations using NetScaler ADC and Gateway appliances to prioritize patching to safeguard against the security risks posed by these vulnerabilities. Following Citrix's recommendations for immediate action can help prevent unauthorized access and mitigate the impact of possible attacks.

Article Source
https://www.bleepingcomputer.com/news/security/citrix-warns-of-new-netscaler-zero-days-exploited-in-attacks/