Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild
These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed."
January 18, 2024
Two vulnerabilities have been found in NetScaler ADC and NetScaler Gateway, formerly known as Citrix ADC and Citrix Gateway, and are affecting six supported versions.
Tracked as CVE-2023-6548, this vulnerability needs access to NSIP, CLIP, or SNIP with management interface access, where, if gaining these privileges, a threat actor could authenticate remote code execution on the appliance's management interface. This vulnerability is rated a medium severity CVSS score of 5.5 on a 10-point scale. The second vulnerability, CVE-2023-6549, is a denial-of-service (DoS) issue, and the device must have an AAA virtual server or be configured as a gateway; it has been given a high severity CVSS rating of 8.2. Both of these flaws have been exploited in the wild, but no details have been shared from Citrix at this point.
Citrix has recommended that to combat CVE-2023-6548, which impacts management interfaces, "network traffic to the appliance's management interface [should be] separated, either physically or logically, from normal network traffic. In addition, we recommend that you do not expose the management interface to the Internet."
Because exploitation of these appliances has occurred, Cloud Software Group recommends that affected customers install the updated versions of these interfaces for the affected appliances, including:
NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
Just last month, Citrix patched a critical flaw, CVE-2023-4966 (coined CitrixBleed), that was heavily exploited by threat actors, but according to Tenable researchers, these two new vulnerabilities won't have as significant of an impact. Still, users should mitigate and apply patches to their networks as soon as they can.
Citrix reports that it is alerting customers and channel partners about any potential issues that may arise due to these vulnerabilities through its bulletin in its Citrix Knowledge Center on its website. Should customers need support or assistance, they can reach out to Citrix technical support.
About the Author
You May Also Like