Citrix has issued warnings about two zero-day vulnerabilities affecting its customer-managed NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances, with reports of active exploitation in a limited number of cases. The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, could result in remote code execution and denial of service, respectively. They come more than three months after the initial patch for CitrixBleed was released, but are not related to that vulnerability (CVE-2023-4966).
The Remote Code Execution (RCE) vulnerability, reported by a customer, has a CVSS score of 5.5, while the Denial of Service (DoS) vulnerability, with a CVSS score of 8.2, was discovered internally and later reported by a customer. Despite not being linked to CitrixBleed, these zero-days are causing concerns for Citrix amid ongoing exploitation issues.
Citrix stresses the urgency for customers to address these vulnerabilities promptly to avoid potential risks. The Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities catalog. While no proof of concept has been identified, researchers caution that threat activity could escalate quickly once a working exploit circulates.
There are warnings that an attacker with only low privileges could exploit the RCE vulnerability if they can reach the NetScaler IP (NSIP) or management interface. Citrix recommends keeping the management interface off the public internet and within a secure network. The DoS vulnerability can be exploited only when a vulnerable device is configured as a Gateway or AAA virtual server.
Overall, these recent zero-day vulnerabilities pose a significant threat to organizations using Citrix appliances, and immediate action is advised to mitigate potential risks. It is crucial for customers to apply the necessary fixes promptly to prevent widespread exploitation and safeguard their systems from malicious activities.
Article Source
https://www.cybersecuritydive.com/news/citrix-exploitation-netscaler-zero-days/704894/