Nynox advisory - Threat alert -
Citrix Netscaler ADC / Gateway

– Date: 16 January 2024 –

Threat Alert – Citrix Netscaler ADC / Gateway Multiple Vulnerabilities – Your environment might be vulnerable to multiple Citrix Netscaler ADC and Gateway vulnerabilities (CVE-2023-6548, CVE-2023-6549). Read more below for details on the recent critical vulnerabilities.

On the 16th of January, Citrix published a communication about two products that are vulnerable to critical zero-day vulnerabilities: a Denial of Service and a Remote Code Execution.

What’s going on?

❗️Several critical risk vulnerabilities have been published by Citrix in Netscaler ADC and Gateway.

❗️For a Citrix Netscaler ADC and Gateway to be vulnerable, it must be configured as a Gateway (e.g. VPN, ICA Proxy, CVP, RDP Proxy) or an AAA virtual server.

❗️Attackers must be logged in to low-privilege accounts on the targeted instance and need access to NSIP, CLIP, or SNIP with management interface access.

❗️The affected versions for both products are:

  • 14.1 before 14.1-12.35
  • 13.1 before 13.1-51.15
  • 13.0 before 13.0-92.21
  • 13.1-FIPS before 13.1-37.176
  • 12.1-FIPS before 12.1-55.302
  • 12.1-NDcPP before 12.1-55.302

❗️A threat actor could remotely execute commands to take control of vulnerable devices.

❗️There are currently no known IOCs for these vulnerabilities.

❗️Citrix is aware of these vulnerabilities being used in the wild.

❗️No workarounds are available.

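To triage an inventory against the affected-version list above, the following added example (not Citrix or Nynox code) compares build strings written in the advisory's own `release-build` notation with the first fixed build per release and edition. The `edition` parameter, the function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# First fixed build per (release, edition), from the advisory's affected-version list.
FIXED_BUILDS = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "FIPS"): (37, 176),
    ("12.1", "FIPS"): (55, 302),
    ("12.1", "NDcPP"): (55, 302),
}

# Advisory notation: <release>-<build>, e.g. "13.1-51.15".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def assess(version, edition="standard"):
    """Return 'affected', 'fixed' or 'not-listed' for one appliance."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get((release, edition))
    if fixed is None:
        # Release/edition is not in the advisory's list; needs manual review.
        return "not-listed"
    # Compare numerically: as text, "92.9" would sort after "92.21".
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map each host to its status; inventory rows are (host, version, edition)."""
    return {host: assess(version, edition) for host, version, edition in inventory}


# Constructed sample inventory (hypothetical host names and builds).
SAMPLE_INVENTORY = [
    ("adc-gw-01", "13.1-49.15", "standard"),
    ("adc-gw-02", "14.1-12.35", "standard"),
    ("adc-fips-01", "13.1-37.176", "FIPS"),
    ("adc-legacy-01", "13.0-92.9", "standard"),
    ("adc-old-01", "11.1-65.22", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Recording the edition matters: build 13.1-37.176 is the fixed FIPS build, but it would be flagged as affected if assessed as a standard 13.1 appliance.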
How does Nynox protect its customers?
🛡️ Personalized assistance to mitigate the risk

🛡️ 24×7 Incident Response (CSIRT)
🛡️ 24×7 monitoring of customer environments
✅ No action is required if you are using Citrix-managed cloud services or Citrix-managed Adaptive Authentication.
✅ Since there are no workarounds, simply install the latest build of ADC and Gateway which you can find via the links below:
How to install the latest build of ADC and Gateway?
In need of assistance? We're here for you!