{"id":22524,"date":"2023-07-21T16:10:28","date_gmt":"2023-07-22T00:10:28","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/07\/21\/news-16254\/"},"modified":"2023-07-21T16:10:28","modified_gmt":"2023-07-22T00:10:28","slug":"news-16254","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2023\/07\/21\/news-16254\/","title":{"rendered":"CISA: You’ve got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519"},"content":{"rendered":"

The Cybersecurity and Infrastructure Security Agency (CISA) has added<\/a> a critical unauthenticated remote code execution (RCE) vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway to its Known Exploited Vulnerabilities Catalog<\/a>, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats. We urge everyone else to take it seriously too.<\/p>\n

The recommended actions are to apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Given the active exploitation, we would advise to do this as soon as possible.<\/p>\n

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited CVE patched in this update is CVE-2023-3519<\/a> a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability with a CVSS<\/a> score of 9.8 out of 10. The vulnerability can lead to unauthenticated RCE. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization and accounting (AAA)\u202fvirtual\u202fserver.<\/p>\n

Little information has been made available about the campaign that is exploiting this vulnerability. What we do know is that the criminals use web shells—a script that can be used by an attacker to run remote commands and maintain persistent access on an already compromised system. CISA has released a cybersecurity advisory<\/a> about the tactics, techniques, and procedures (TTPs) of the currently active campaign.<\/p>\n

Reportedly<\/a>, there are around 38,000 Citrix Gateway appliances exposed to the public Internet and exploits against Citrix ADC have been discussed, including the sale of a Remote Code Execution (RCE) exploit, on a cybercrime forum.<\/p>\n

Citrix acknowledges the urgency by stating:<\/p>\n

“Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.”<\/p><\/blockquote>\n

The security bulletin by Citrix<\/a> about this vulnerability includes two more vulnerabilities. The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:<\/p>\n