About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and then a link to an update, if any, exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.
On July 18, 2023, Citrix published an advisory concerning recent updates for multiple vulnerabilities discovered in Citrix ADC and Citrix Gateway products, including a critical unauthenticated remote code execution vulnerability that has been observed being exploited. Citrix has advised their customers install the latest software versions as soon as possible. Citrix customers can also subscribe to receive alerts for Citrix security bulletin updates.
VULNERABILITIES
CITRIX ADC & CITRIX GATEWAY REMOTE CODE EXECUTION VULNERABILITY
Identifier: CVE-2023-3519
CVSS Score: 9.8
Exploit or POC: Yes (Actively Being Exploited)
Advisory Link: Citrix ADC and Citrix Gateway Security Bulletin
Description: CVE-2023-3519 allows for remote code execution. Successful exploitation does not require authentication. Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest NetScaler ADC and NetScaler Gateway versions as mentioned in the vendor advisory.
CITRIX ADC & CITRIX GATEWAY REFLECTION
CROSS-SITE SCRIPTING VULNERABILITY
Identifier: CVE-2023-3466
CVSS Score: 8.3
Exploit or POC: No
Advisory Link: Citrix ADC and Citrix Gateway Security Bulletin
Description: CVE-2023-3466 allows for cross-site injection. Requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest NetScaler ADC and NetScaler Gateway versions as mentioned in the vendor advisory.
CITRIX ADC & CITRIX GATEWAY ELEVATION OF PRIVILEGE VULNERABILITY
Identifier: CVE-2023-3467
CVSS Score: 8.0
Exploit or POC: No
Advisory Link: Citrix ADC and Citrix Gateway Security Bulletin
Description: CVE-2023-3467 allows for privilege escalation to root administrator (nsroot). Successful exploitation requires authentication. Authenticated access to NSIP or SNIP with management interface access.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest NetScaler ADC and NetScaler Gateway versions as mentioned in the vendor advisory.