Black Arrow Cyber Advisory 19 July 2023 – Critical Citrix ADC and Gateway flaw actively exploited

Executive Summary

Citrix have released a patch for three vulnerabilities, including one critical vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). If exploited, the critical vulnerability allows an unauthenticated malicious actor to perform remote code execution. The other two vulnerabilities allow an attacker to gain root administrator permissions and deliver malicious files and links to a victim.

Technical Summary

CVE-2023-3519 – This is a critical vulnerability which allows an unauthenticated attacker to perform remote code execution. For it to work it requires the appliance to be configured as a gateway.

CVE-2023-3466 – This vulnerability, categorised as high, allows an attacker to perform reflected cross-site scripting, allowing them to deliver malicious files, links, and emails. For it to work, it requires the victim to access an attacker-controlled link in the browser while being on the network.

CVE-2023-3467 – This vulnerability, categorised as high, allows an attacker to perform privilege escalation to gain the highest available. For successful exploitation the attacker needs to have authenticated access to the management interface access.

 What’s the risk to me or my business?

The vulnerabilities allow for a range of attacks such as unauthenticated remote code execution, privilege escalation to root as well as enabling an attacker the ability to distribute malicious files, links, and emails to users. All of which compromise the confidentiality, integrity, and availability of the data in your organisation.

Impacted versions of the products include the following:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 

  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 

  • NetScaler ADC 13.1-FIPS before 13.1-37.159

  • NetScaler ADC 12.1-FIPS before 12.1-55.297

  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Citrix advises customers to upgrade their appliances to one of the supported versions that address the vulnerabilities. 

 What can I do?

Citrix has recommended to apply patches which they have made available for the following versions:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases

  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0  

  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS  

  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS  

  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP 

 More information on the Citrix ADC and Gateway flaw vulnerability can be found here:

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity 

Previous
Previous

Black Arrow Cyber Advisory 20 July 2023 – OpenSSH Remote Code Execution Vulnerability

Next
Next

Black Arrow Cyber Advisory 17 July 2023 – Cisco SD-WAN vManage Vulnerable to Remote Unauthenticated Access