UPDATE: Threat Response - Critical Vulnerabilities in NetScaler ADC and NetScaler Gateway

Dear Reader,

This is an update to our Threat Response of the 18 of July regarding critical vulnerabilities in NetScaler ADC and NetScaler Gateway. For the full text of this Threat Response, see below.

Dit is een update op onze Threat Response van 18 juli over een kritieke kwetsbaarheid in NetScaler ADC and NetScaler Gateway. Voor de volledige tekst van deze Threat Response, zie onder.

In addition to our previous Threat Response, we want to raise your attention to the following:

While there is no public exploit available of the vulnerability at this time, our CERT is observing incidents where this vulnerability is exploited. We again urge you to patch your systems as soon as possible if you haven't done so.

The patch provided by Citrix only mitigates the vulnerability. If you have already updated your systems, please perform a compromise assessment to assess if the vulnerability was exploited before the patch was applied. The CISA has published an assessment and methods to evaluate if your system is compromised [1]. 

If you have an indication that your system may be compromised based on the detection methods listed, please call our CERT with number listed at the end of this email.

What will Northwave do?

Northwave continuously monitor any developments regarding this vulnerability. If new critical information about this threat arises, Northwave will reach out immediately. We are continuously investigating based on these new developments to update our detection capabilities where possible. You can call us by phone or send us an email if you would like additional information.

Phone number: +31 (0)30-303 1244 (during business hours)
Do you have an incident right now? Call our Incident Response Team: 00800 1744 0000

Disclaimer applies, see below.

Sources

[1]: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a