Skip to content
arrow-alt-circle-up icon

Cyber Incident Call

arrow-alt-circle-up icon

00800 1744 0000

arrow-alt-circle-up icon

See all Threat Responses

Date: 18-07-2023

Dear Reader,

On Tuesday 18 July 2023, Citrix released updates for three vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). We recommend installing these updates as soon as possible.[1] The most pressing vulnerability is an unauthenticated Remote Code Execution for which Citrix has observed exploitation in the wild.

Description

NetScaler Gateway is an on-premise solution for remote access of applications and resources [2]. NetScaler ADC is an Application Delivery Controller which can be used to monitor and manage application delivery. It gives insight in details of the ADC infrastructure like application performance, health and security [3].

The 3 discovered vulnerabilities are as follows:

  • CVE-2023-3466 - Reflected Cross-Site Scripting

  • CVE-2023-3467 - Privilege Escalation to root administrator (nsroot)

  • CVE-2023-3519 - Unauthenticated remote code execution

These vulnerabilities represent a critical risk on the affected infrastructure. Unauthenticated remote code execution could result in data theft, account hijacking and the deployment of ransomware.

According to Citrix, the following supported versions of the aforementioned products are affected by these vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 

  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 

  • NetScaler ADC 13.1-FIPS before 13.1-37.159

  • NetScaler ADC 12.1-FIPS before 12.1-65.36 

  • NetScaler ADC 12.1-NDcPP before 12.65.36

As this vulnerability only applies to customer-managed NetScaler ADC and NetScaler Gateway, customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. 

Impact

We determine the impact of these vulnerabilities to be HIGH.

The Remote Code Execution vulnerability allows attackers to gain access to the appliance. From there, they can perform follow-up attacks on the network which could lead to the execution of a ransomware attack.

Risk

We determine the risk of these vulnerabilities as HIGH due to the widespread use of NetScaler software. The primary risks associated with these vulnerabilities are related to unauthorised access to your environment, sensitive data exfiltration and privilege escalation. At the time of writing, exploits of CVE-2023-3519 (Unauthenticated Remote Code Execution) on unmitigated appliances have been observed by Citrix [4].

Mitigation

NetScaler has already released updates for these vulnerabilities. Northwave recommends for users of the vulnerable versions of Netscaler Gateway and Netscaler ADC to update to the following versions as soon as possible:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13  and later releases

  • NetScaler ADC and NetScaler Gateway 13.0-91.13  and later releases of 13.0  

  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS  

  • NetScaler ADC 12.1-FIPS 12.1-65.36 and later releases of 12.1-FIPS  

  • NetScaler ADC 12.1-NDcPP 12.1-65.36 and later releases of 12.1-NDcPP 

What should you do?

We recommend customers using the above mentioned vulnerable versions of NetScaler Gateway and NetScaler ADC to update their software as soon as possible.

What will Northwave do?

Northwave continuously monitor any developments regarding this vulnerability. If new critical information about this threat arises, Northwave will reach out immediately. We will also investigate whether any additional action can be taken based upon available information within our monitoring services.

You can call us by phone or send us an email if you would like additional information.

Phone number: +31 (0)30-303 1244 (during business hours)E-mail: soc@northwave.nlDo you have an incident right now? Call our CERT number: +31 (0)85 043 7909

 

Disclaimer applies, see below.

 

Sources

[1] https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

[2] https://www.citrix.com/nl-nl/products/citrix-gateway/

[3] https://www.citrix.com/nl-nl/products/citrix-application-delivery-management/

[4] https://advisories.ncsc.nl/advisory?id=NCSC-2023-0353

 

Disclaimer

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.