Nynox advisory - Threat alert -
Citrix Netscaler ADC / Gateway
– Date: 18 July 2023 –
On the 18th of July, Citrix has put out communication regarding two products, Citrix ADC and Citrix Gateway, which are vulnerable towards three critical vulnerabilities, including privilege escalation and remote code execution. Citrix customers should take immediate actions to patch their products. Read more below for details on the recent critical vulnerabilities.
What is this about?
❗️A threat actor could remotely execute commands without the need for authentication and be in control over vulnerable devices.
❗️With the RCE vulnerability the other two can be used to further compromise unmitigated appliances.
❗️Exploits of CVE-2023-3519 have been observed in the wild.
❗️No workarounds are available.
WHY IS THIS VULNERABILITY SERIOUS?
⚠️ Several critical risk vulnerabilities have been published by Citrix in Netscaler ADC and Gateway.
⚠️ For a target appliance to be vulnerable to exploitation, it must be configured as a Gateway (e.g. VPN, ICA Proxy, CVP, RDP Proxy) or an AAA virtual server.
⚠️ The affected versions for both products are:
- 13.1 before 13.1-49.13
- 13.0 before 13.0-91.13
- 13.1-FIPS before 13.1-37.159
- 12.1-FIPS before 12.1-65.36
- 12.1-NDcPP before 12.65.36
How does Nynox protect its customers?
🛡️ Personalized assistance to mitigate the risk
🛡️ 24×7 Incident Response (CSIRT)
🛡️ 24×7 monitoring of customer environments
WHAT CAN YOU DO TO MITIGATE THE RISK?
✅ No action is required if you are using Citrix-managed cloud services or Citrix-managed Adaptive Authentication.
✅ Simply install the latest build of ADC and Gateway. How To:
How to install the latest build of ADC and Gateway?
DID OUR TALK SPARK YOUR INTEREST? GET IN TOUCH WITH US!
