Quantcast
Channel: Tenable Blog
Viewing all articles
Browse latest Browse all 1935

CVE-2023-3519: Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)

$
0
0
CVE-2023-3519: Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)

Citrix has released a patch fixing a remote code execution vulnerability in several versions of Netscaler ADC and Netscaler Gateway that has been exploited. Organizations are urged to patch immediately.

Background

On July 18, Citrix published a security bulletin (CTX561482) that addresses a critical remote code execution (RCE) vulnerability in Netscaler ADC (formerly known as Citrix ADC) and and Netscaler Gateway (formerly known as Citrix Gateway).

CVEDescriptionCVSSv3Severity
CVE-2023-3519Unauthenticated Remote Code Execution vulnerability9.8Critical

In addition to CVE-2023-3519, Citrix patched two additional vulnerabilities in its ADC and Gateway appliances:

CVEDescriptionCVSSv3Severity
CVE-2023-3466Reflected Cross-Site Scripting (XSS) vulnerability8.3High
CVE-2023-3467Privilege Escalation to root administrator (nsroot) vulnerability8.0High

Analysis

CVE-2023-3519 is a RCE vulnerability in Netscaler ADC and Netscaler Gateway. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code on a vulnerable server. For a target appliance to be vulnerable to exploitation, it must be configured as a Gateway (e.g. VPN, ICA Proxy, CVP, RDP Proxy) or an AAA virtual server. The vulnerability is rated as critical and Citrix reports that “Exploits of CVE-2023-3519 on unmitigated appliances have been observed.”

ADC and Gateway Historically Targeted by Attackers

Citrix’s ADC and Gateway appliances have been a valuable target for attackers in the past. For instance,in December 2022, Citrix patched another critical RCE vulnerability, CVE-2022-27518, in Citrix ADC and Gateway, that was also being exploited.

Following the disclosure of CVE-2019-19781, another unauthenticated RCE vulnerability in ADC and Gateway appliances in late 2019, active exploitation began in early 2020 and it remained a popular vulnerability with a variety of attackers including Chinese state-sponsored threat actors, Iranian-based threat actors, Russian state-sponsored threat groups as well as ransomware groups. Additionally, CVE-2019-19781 was featured as one of the Top 5 vulnerabilities in our 2020 Threat Landscape Retrospective report.

Due to the historical nature of exploitation against ADC and Gateway appliances, we strongly urge organizations to patch CVE-2023-3519 as soon as possible.

Proof of concept

At the time that this blog post was published, there was no proof-of-concept available for CVE-2023-3519.

Solution

Citrix detailed the affected and fixed versions in its security bulletin for CVE-2023-3519.

Affected ProductAffected VersionFixed Version
NetScaler ADC and NetScaler Gateway 13.1Before 13.1-49.1313.1-49.13 and later releases
NetScaler ADC and NetScaler Gateway 13.0Before 13.0-91.1313.0-91.13 and later
NetScaler ADC 13.1-FIPSBefore 13.1-37.15913.1-37.159 and later
NetScaler ADC 12.1-FIPSBefore 12.1-55.29712.1-55.297 and later
NetScaler ADC 12.1-NDcPPBefore 12.1-55.29712.1-55.297 and later

Citrix also notes that NetScaler ADC and NetScaler Gateway versions 12.1 is End of Life (EOL), and users are urged to upgrade to a supported version immediately.

Identifying affected systems

A list of Tenable plugins to identify this vulnerability will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.


Viewing all articles
Browse latest Browse all 1935

Trending Articles