+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

Citrix ADC and Gateway RCE Vulnerability Exploited

A critical severity Citrix ADC and Citrix Gateway remote code execution (RCE) flaw has been confirmed to be exploited in the wild. Now known as NetScaler ADC and NetScaler Gateway, both end of life and supported versions of these products are vulnerable to this flaw, and two other vulnerabilities, addressed in the latest security update from Citrix. These devices must be configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or an AAA virtual server (authentication virtual server) in order for attackers to be able to exploit this critical RCE flaw. VPN gateways are designed to connect two or more sites, networks, or devices to allow them to communicate securely, and can also be used to connect multiple VPNs together. This makes an exploitable vulnerability in a VPN gateway environment dangerous due to the increased possibility of lateral movement throughout the VPN environment and into other remote sites, networks, and devices.  

CVE-2023-3519, the critical RCE flaw, has been assigned a CVSS base score of 9.8/10. This code injection vulnerability is believed to have been published on hacking forums earlier this month as an exploitable zero-day flaw, after which Citrix became aware of the flaw and started developing a patch before disclosing the details. This exploit that is known to occur in the wild can be performed by a remote, unauthenticated attacker, and results in execution of arbitrary code on the VPN gateway system.  

The other two vulnerabilities patched in the most recent Citrix update are both high severity flaws, neither of which are believed to be actively exploited. CVE-2023-3466 is a cross site scripting (XSS) flaw caused by improper input validation of properties when data is being processed. To exploit this flaw, the victim must visit a malicious link while being connected to a network with access to the NetScaler IP. As this involves user interaction it is considered a lower severity flaw than those that can be exploited by the attackers alone. CVE-2023-3467 is an improper privilege management vulnerability that allows an attacker to escalate their privileges to root administrator (nsroot). This can only be performed when they have first achieved authenticated access to the NetScaler IP or Subnet IP on the management interface.   

Citrix is urging users to update to the relevant patched version as soon as possible to mitigate these flaws, which include NetScaler ADC and NetScaler Gateway versions 13.1-49.13, 13.0-91.13, NetScaler ADC 13.1-FIPS 13.1-37.159, 12.1-FIPS 12.1-55.297, 12.1-NDcPP 12.1-55.297, and later releases. NetScaler ADC and NetScaler Gateway version 12.1 is affected by these vulnerabilities, but it is no longer supported by Citrix as it is an end of life product. No update will be available for this version and customers should instead upgrade to a supported version of the gateway. End of life software and devices should not be used as they are not patched for newly discovered flaws and are therefore more easily exploited attack surfaces for cyber criminals.  

 

 

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

CREST
CCS
ISO9001
ISO27001
CE-PLUS

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.