Home Technology Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

by TodayDigitNews@gmail.com
0 comment

July 19, 2023THNMoreVulnerability / Cyber ​​Threat

Citrix ADC and gateway

Citrix is Warning Critical security flaws in NetScaler Application Delivery Controllers (ADCs) and gateways are being actively exploited by users in the real world, the company said.

tracked CVE-2023-3519 (CVSS score: 9.8), this issue is related to the following cases: code injection As a result, unauthorized remote code execution is possible. Affects the following versions:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC and NetScaler Gateway version 12.1 (now end of life)
  • NetScaler ADC 13.1-FIPS prior to NetScaler ADC 13.1-37.159
  • NetScaler ADC 12.1-FIPS prior to NetScaler ADC 12.1-55.297, and
  • Before NetScaler ADC 12.1-NDcPP 12.1-55.297

The company did not provide further details about the flaws related to CVE-2023-3519, other than saying that it has seen exploitation of this flaw in “unmitigated appliances.” However, for an exploit to be successful, the device must be either a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or authentication and accounting (AAA) virtual server.

Alongside CVE-2023-3519, we are also addressing two other bugs.

  • CVE-2023-3466 (CVSS Score: 8.3) – Improper input validation vulnerability allows reflected cross-site scripting (XSS) attacks.
  • CVE-2023-3467 (CVSS Score: 8.0) – Improper privilege management vulnerability could lead to privilege escalation to root administrator (nsroot).

Wouter Rijkbost and Jorren Geurts of Resillion reported the bug. A patch has been released that addresses his three flaws in the version below.

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and 13.0 and later releases
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 or later 12.1-FIPS releases, and
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later 12.1-NDcPP releases

NetScaler ADC and NetScaler Gateway version 12.1 customers are encouraged to upgrade their appliances to a supported version to mitigate potential threats.

upcoming webinars

Shielding Against Insider Threats: Mastering SaaS Security Posture Management

Worried about insider threats? We’ve got you covered! Join us for this webinar to explore practical strategies and proactive security secrets using SaaS Security Posture Management.

join today

This development comes amid active exploitation of security flaws found in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203) and the WooCommerce Payments WordPress plugin (CVE-2023-28121). was broken.

Neglecting security flaws in WordPress plugins opens the door to full compromise, allowing attackers to reuse compromised WordPress sites for other malicious activities.

Last month, eSentire announced that “ nitrogen A compromised WordPress site is used to host a malicious ISO image file that, when launched, can connect to remote servers to retrieve additional payloads such as Python scripts and Cobalt Strike. A malicious DLL file is deployed.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.

You may also like

Leave a Comment

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

About Us

We are a group of friends who love to write about the things that matter to us. We started this blog as a way to share our knowledge and experience with the world.

ABout Us


Useful Links

Latest Articles

This type of car is going extinct in 2023 Monkey Bread CDC issues warning about Strep A infections in children

Editor's Picks

Monkey Bread

CDC issues warning about Strep...

20 Unique Bedroom Accent Wall...

Teenage Mutant Ninja Turtles: Shredder’s...

Copyright ©️ All rights reserved. | Today Digital News

Facebook Twitter Youtube Instagram Soundcloud