Citrix recently announced the presence of two zero-day vulnerabilities in its NetScaler ADC and NetScaler Gateway appliances, which require urgent patches for resolution. CVE-2023-6548 is a remote code execution (RCE) vulnerability that allows an authenticated attacker with low-level privileges to exploit the system. On the other hand, CVE-2023-6549 is a denial of service (DoS) vulnerability that could be used to disrupt a vulnerable system when configured as a gateway or as a virtual server. These vulnerabilities have already been exploited in the wild, although specific details about the exploits have not been disclosed.
These are the second and third zero-day vulnerabilities in Citrix NetScaler appliances that have been reported in the past four months, following the patching of CVE-2023-4966 in October, also known as “CitrixBleed.” While the impact of these new vulnerabilities may not be as severe as CitrixBleed, organizations using these devices are strongly encouraged to apply the available patches promptly.
Citrix has released patches for the affected products, including NetScaler ADC and NetScaler Gateway versions 13.0, 13.1, and 14.1, as well as Analog-to-Digital Converter and Analog-Digital Converter variants. It is important for users to update to the fixed versions as soon as possible. Additionally, Citrix advises organizations to separate network traffic to the device’s management interface and avoid exposing it to the Internet for added security.
As of now, there is no known public proof of concept for these vulnerabilities, but given the historical exploitation of Citrix NetScaler ADC and Gateway, it is anticipated that exploit code may surface soon. Users can stay informed about available Tenable plugins for these vulnerabilities through the individual CVE pages. It is essential for organizations to stay vigilant and keep their systems up to date to mitigate the risks associated with these vulnerabilities.
For more information and resources, users can reach out to the Tenable Security Response Team and engage with the Tenable Community. By employing a proactive and sustainable exposure management platform, organizations can better protect their systems against potential threats on the modern attack surface.
Article Source
https://www.tenable.com/blog/cve-2023-6548-cve-2023-6549-zero-day-vulnerabilities-netscaler-adc-gateway-exploited