Citrix has warned its customers about two zero-day vulnerabilities in NetScaler ADC and Gateway appliances that expose the appliances to remote code execution and denial-of-service attacks. To exploit these vulnerabilities, attackers need access to low-privileged accounts and specific network configurations. Only customer-managed NetScaler appliances are affected, not Citrix-managed cloud services.
The affected product versions include NetScaler ADC and Gateway 14.1, 13.1, 13.0, 13.1-FIPS, 12.1-FIPS, and 12.1-NDcPP. Over 1,500 NetScaler management interfaces are currently exposed online, according to Shadowserver data.
Citrix issued a security notice urging administrators to patch their devices immediately to prevent potential attacks. The company recommended upgrading to supported versions and separating the device management interface from normal network traffic to reduce the risk of exploitation.
A previous critical flaw in NetScaler, CVE-2023-4966 (Citrix Bleed), was also exploited as a zero-day by threat groups targeting government organizations and technology companies like Boeing. The Healthcare Cybersecurity Coordination Center (HC3) advised healthcare organizations to secure their NetScaler instances against increasing ransomware attacks.
Overall, Citrix customers are encouraged to take immediate action to protect their NetScaler appliances against these vulnerabilities and to follow best practices for secure deployment to mitigate the risk of exploitation.
Article Source
https://www.bleepingcomputer.com/news/security/citrix-warns-of-new-netscaler-zero-days-exploited-in-attacks/amp/