Citrix NetScaler ADC and Gateway Vulnerable to New Zero-Day Attacks, Warns TechTarget

Citrix's NetScaler ADC and NetScaler Gateway products are once again affected by two newly disclosed zero-day vulnerabilities, CVE-2023-6549 and CVE-2023-6548, both patched in the January 2024 builds. CVE-2023-6549 is a high-severity denial-of-service flaw that is reachable when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN or RDP Proxy) or as an AAA virtual server. CVE-2023-6548 allows remote code execution on the management interface, but only by an attacker who already holds authenticated, low-privileged access to an address that exposes management (NSIP, CLIP, or a SNIP with management access enabled). Citrix reported exploitation in the wild on unmitigated appliances and advised customers to apply the updates immediately on affected versions.

The affected versions, with the first fixed build in each branch, are:
– NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
– NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
– NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
– NetScaler ADC 13.1-FIPS prior to 13.1-37.176
– NetScaler ADC 12.1-FIPS prior to 12.1-55.302
– NetScaler ADC 12.1-NDcPP prior to 12.1-55.302

Note that the FIPS and NDcPP editions follow their own build numbering within a release (13.1-FIPS is fixed at build 37.176, while standard 13.1 is fixed at 51.15), so the edition must be known before a build number can be judged. Citrix's bulletin also states that the standard (non-FIPS, non-NDcPP) 12.1 branch is end of life and vulnerable; it receives no fix and must be upgraded to a supported release.
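The list above is easy to misread under pressure, especially the FIPS and NDcPP branches whose build numbers are lower than the standard branch's. The following triage helper, added here as an example and not code from the article or from Citrix, takes the output of the NetScaler CLI command `show ns version` and reports whether the build is at or above the fixed build for its branch. It assumes the version line has the form `NetScaler NS13.1: Build 50.23.nc, Date: ...` (a constructed sample matching the usual format) and that the operator supplies the edition (standard, fips or ndcpp) separately, since the version string alone does not identify it. The fixed-build table is the one from the bulletin as reproduced above; treatment of the standard 12.1 branch as end of life follows Citrix's bulletin.

```python
from __future__ import annotations

import re

# First fixed build per (release, edition), from Citrix's January 2024 bulletin.
# Builds are compared as (build, patch) tuples, e.g. 14.1-12.35 -> (12, 35).
FIXED_BUILDS: dict[tuple[str, str], tuple[int, int]] = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

# Branches that are end of life and vulnerable with no fix available
# (per Citrix's bulletin for the standard 12.1 branch).
EOL_RELEASES = {("12.1", "standard")}

# Matches the release and build fields of a `show ns version` line, e.g.
# "NetScaler NS13.1: Build 50.23.nc, Date: Nov 13 2023, 19:37:41   (64-bit)"
VERSION_RE = re.compile(
    r"NS(?P<release>\d+\.\d+):\s*Build\s+(?P<build>\d+)\.(?P<patch>\d+)"
)


def parse_version(show_ns_version_output: str) -> tuple[str, int, int]:
    """Return (release, build, patch) from `show ns version` output."""
    m = VERSION_RE.search(show_ns_version_output)
    if not m:
        raise ValueError("no NetScaler version string found in output")
    return m.group("release"), int(m.group("build")), int(m.group("patch"))


def assess(show_ns_version_output: str, edition: str = "standard") -> str:
    """Classify an appliance against the CVE-2023-6548/6549 fixed builds.

    Returns one of:
      "fixed"               build is at or above the fixed build for its branch
      "vulnerable"          a fixed build exists for this branch and it is older
      "vulnerable-eol"      branch is end of life; no fix, upgrade required
      "unsupported-release" release not in the bulletin (e.g. 11.1, 12.0);
                            treat as out of support, not as safe
    """
    release, build, patch = parse_version(show_ns_version_output)
    key = (release, edition.lower())
    if key in EOL_RELEASES:
        return "vulnerable-eol"
    if key not in FIXED_BUILDS:
        return "unsupported-release"
    return "fixed" if (build, patch) >= FIXED_BUILDS[key] else "vulnerable"


def assess_fleet(outputs: dict[str, tuple[str, str]]) -> dict[str, str]:
    """Assess many appliances: hostname -> (show ns version output, edition)."""
    return {host: assess(out, edition) for host, (out, edition) in outputs.items()}


if __name__ == "__main__":
    # Constructed sample outputs, not real appliances.
    fleet = {
        "gw-dmz-01": ("NetScaler NS13.1: Build 50.23.nc, Date: Nov 13 2023", "standard"),
        "gw-dmz-02": ("NetScaler NS13.1: Build 51.15.nc, Date: Jan 10 2024", "standard"),
        "adc-fips-01": ("NetScaler NS13.1: Build 37.176.nc, Date: Jan 10 2024", "fips"),
        "adc-legacy": ("NetScaler NS12.1: Build 65.37.nc, Date: Jun 01 2023", "standard"),
    }
    for host, verdict in assess_fleet(fleet).items():
        print(f"{host}: {verdict}")
```

The same build number can be fixed in one edition and vulnerable in another (13.1 build 37.176 is fixed for FIPS but far below the standard branch's 51.15), which is why the edition is a required input rather than something guessed from the string.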

Because CVE-2023-6548 is only reachable through the management interface, Citrix also recommends that traffic to the appliance's management interface be separated, physically or logically, from normal network traffic, and that the management interface never be exposed to the internet. Last year the same products were hit by a zero-day known as "Citrix Bleed" (CVE-2023-4966), which leaked session tokens from memory and let threat actors hijack existing authenticated sessions without credentials. The latest vulnerabilities are not considered as dangerous as Citrix Bleed, since one requires an authenticated foothold and the other only causes denial of service, but organizations are still advised to apply the patches promptly.

Research engineers at Tenable noted that, although no public proof-of-concept exploit had been released at the time of writing, they expect exploit code to emerge soon, consistent with how earlier NetScaler zero-days have played out. The full impact on organizations remains unknown, and Citrix has not provided additional comment. The episode underlines how much attention internet-facing appliances like these continue to demand from defenders.

Article Source
https://www.techtarget.com/searchsecurity/news/366566508/New-zero-days-in-Citrix-NetScaler-ADC-Gateway-under-attack