Critical DOS and Open Redirect Vulnerability Affecting Citrix Netscaler ADC and Gateway

A recent editorial from Red Hot Cyber highlights two vulnerabilities found in NetScaler ADC and NetScaler Gateway, which are widely used devices to enhance application performance and ensure secure access to sensitive data. The affected versions include NetScaler ADC and NetScaler Gateway 14.1 before version 14.1-25.53, 13.1 before version 13.1-53.17, and 13.0 before version 13.0-92.31, …

Citrix Advises NetScaler ADC and Gateway Users to Install Patches

Citrix urged clients to update to the latest versions of NetScaler ADC and NetScaler Gateway due to an attack targeting a critical vulnerability. The company released patches to address the issue, known as CVE-2023-4966, on October 10. Citrix warned that exploiting the flaw could result in data disclosure. The vulnerability is most critical for customers …

Citrix cautions about limited risk of exploitation in two Netscaler zero-day vulnerabilities.

Citrix has issued warnings about two zero-day vulnerabilities affecting its customer-managed Netscaler Application Delivery Controller and Netscaler Gateway appliances, with reports of active exploitation in a limited number of cases. The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, could result in remote code execution and denial of service attacks, respectively. These vulnerabilities come more than three …

Critical Citrix Vulnerabilities Addressed in Latest Patch Release: Zero-Day Threats Targeting NetScaler ADC and Gateway

Citrix has released patches for two zero-day vulnerabilities that were actively being exploited in their NetScaler ADC and Gateway products. This news comes as a relief to many organizations, especially those in the healthcare industry who are subject to HIPAA regulations. The vulnerabilities could have allowed attackers to gain unauthorized access to sensitive information, potentially …

Zero-Day Vulnerabilities CVE-2023-6548 and CVE-2023-6549 Exploited in Citrix NetScaler ADC and NetScaler Gateway

Citrix recently announced the presence of two zero-day vulnerabilities in its NetScaler ADC and NetScaler Gateway appliances, which require urgent patches for resolution. CVE-2023-6548 is a remote code execution (RCE) vulnerability that allows an authenticated attacker with low-level privileges to exploit the system. On the other hand, CVE-2023-6549 is a denial of service (DoS) vulnerability …

Malicious hackers bypass Citrix Netscaler patch for critical CVE

Mandiant researchers have issued a warning about a critical vulnerability in Citrix Netscaler that continues to be exploited despite a patch being issued on October 10. The vulnerability, identified as CVE-2023-4966, affects Netscaler ADC and Netscaler Gateway, and has been actively exploited since at least August. Although Citrix believed the patch would prevent further attacks, …

NetScaler Duo Integration: nFactor Using RADIUS iFrame – Step-by-Step Guide

Duo integrates with on-premises NetScaler to provide two-factor authentication for remote access logins through the Advanced Authentication Policy framework. To set up Duo with Citrix Gateway, users must configure the Duo Authentication Proxy as a secondary RADIUS authentication server alongside the primary authentication system linked to Active Directory, LDAP, or another ID store. Before installation, …

Citrix Bleed Exploit Allows Hackers to Take Over NetScaler Accounts

A proof-of-concept exploit for the ‘Citrix Bleed’ vulnerability, CVE-2023-4966, allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and Gateway devices. Citrix patched the flaw on October 10 but did not provide many details about it. Mandiant revealed that the flaw was exploited in limited attacks as a zero-day at the end …

Citrix alerts of vulnerabilities in Netscaler being exploited by attackers

Citrix has warned its customers to promptly patch Netscaler ADC and Gateway appliances against two zero-day vulnerabilities that are being actively exploited. The vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, can lead to remote code execution and denial-of-service attacks on unpatched Netscaler instances. Attackers need to log in to low-privileged accounts on the target instance and …

Citrix alerts public to exploitation of new Netscaler zero-day vulnerabilities

Citrix has warned its customers about two zero-day vulnerabilities affecting Netscaler ADC and Gateway appliances that expose them to remote code execution and denial-of-service attacks. To exploit these vulnerabilities, attackers need access to low-privileged accounts and specific network configurations. Only customer-managed Netscaler appliances are affected, not Citrix-managed cloud services. The affected product versions include Netscaler …