Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466 and CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The most severe, CVE-2023-3519, is a critical zero-day that attackers were already exploiting before the fix was released.
Here’s everything you need to know about CVE-2023-3519:
What is CVE-2023-3519?
CVE-2023-3519 is an unauthenticated Remote Code Execution (RCE) vulnerability: an attacker who can reach the appliance over the network can execute arbitrary code on it without any credentials. Exploitation has only been observed against appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server; one of those roles is the precondition Citrix lists for this issue. No public Proof of Concept (PoC) is available at the time of writing.
Does it affect me?
To determine whether this vulnerability affects you, check whether you are running any of the following versions of NetScaler ADC and NetScaler Gateway, which Citrix lists as affected by all three patched vulnerabilities:
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
NetScaler ADC 13.1-FIPS before 13.1-37.159
NetScaler ADC 12.1-FIPS before 12.1-55.297
NetScaler ADC 12.1-NDcPP before 12.1-55.297
Additionally, version 12.1 of NetScaler ADC and NetScaler Gateway (other than the FIPS and NDcPP builds listed above) has reached end-of-life. No fix will be released for it, so an appliance on that release stays exposed until it is upgraded to a supported version; do this as soon as possible.
However, if you’re using Citrix-managed cloud services or Citrix-managed Adaptive Authentication, you are not required to take any action.
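As an added example (not code from the original post or from Citrix), the following Python script classifies a NetScaler version string against the fixed builds listed above. It accepts both the advisory's `13.1-49.13` notation and the banner that `show ns version` prints on the appliance (the banner format, `NetScaler NS13.1: Build 49.13.nc, ...`, is an assumption of this example). Because FIPS and NDcPP appliances share release numbers with the standard train, the edition is passed in explicitly rather than guessed from the string. Standard 12.1 is flagged as end-of-life rather than compared against a build, since no fix exists for it. The sample inventory at the bottom is constructed.

```python
import re

# Minimum patched builds from the Citrix advisory, keyed by (release, edition).
# Any build at or above the listed one carries the fix.
FIXED_BUILDS = {
    ("13.1", "standard"): (49, 13),   # 13.1-49.13
    ("13.0", "standard"): (91, 13),   # 13.0-91.13
    ("13.1", "fips"):     (37, 159),  # 13.1-FIPS 13.1-37.159
    ("12.1", "fips"):     (55, 297),  # 12.1-FIPS 12.1-55.297
    ("12.1", "ndcpp"):    (55, 297),  # 12.1-NDcPP 12.1-55.297
}

# Releases that are end-of-life and receive no fix at all (standard 12.1).
EOL_RELEASES = {"12.1"}

PATCHED, VULNERABLE, END_OF_LIFE, NOT_LISTED = (
    "patched", "vulnerable", "end-of-life", "not-listed")

# Two input notations are accepted:
#  1. the banner printed by `show ns version` (assumed format), e.g.
#     "NetScaler NS13.1: Build 49.13.nc, Date: Jul 13 2023, 16:03:10   (64-bit)"
#  2. the advisory notation, e.g. "13.1-49.13"
_BANNER_RE = re.compile(r"NS(?P<rel>\d+\.\d+):\s*Build\s+(?P<build>\d+)\.(?P<pt>\d+)")
_ADVISORY_RE = re.compile(r"(?P<rel>\d+\.\d+)-(?P<build>\d+)\.(?P<pt>\d+)")


def parse_version(text):
    """Return (release, (build, point)) from either notation, or raise ValueError."""
    for pattern in (_BANNER_RE, _ADVISORY_RE):
        m = pattern.search(text)
        if m:
            return m.group("rel"), (int(m.group("build")), int(m.group("pt")))
    raise ValueError(f"unrecognised NetScaler version string: {text!r}")


def assess(text, edition="standard"):
    """Classify a NetScaler version string against the advisory's fixed builds.

    `edition` must be supplied by the operator ("standard", "fips" or "ndcpp"):
    the FIPS/NDcPP builds share release numbers with the standard train, so the
    version string alone does not identify them.
    """
    release, build = parse_version(text)
    fixed = FIXED_BUILDS.get((release, edition.lower()))
    if fixed is not None:
        # Tuple comparison orders (build, point) correctly, e.g. (48, 47) < (49, 13).
        return PATCHED if build >= fixed else VULNERABLE
    if release in EOL_RELEASES:
        return END_OF_LIFE   # no patch exists; upgrade to a supported release
    return NOT_LISTED        # not in the advisory table; verify with Citrix


if __name__ == "__main__":
    # Constructed sample inventory, not real appliances.
    inventory = [
        ("gw-01", "NetScaler NS13.1: Build 49.13.nc, Date: Jul 13 2023, 16:03:10   (64-bit)", "standard"),
        ("gw-02", "NetScaler NS13.1: Build 48.47.nc, Date: Jun 12 2023, 10:12:45   (64-bit)", "standard"),
        ("lb-03", "13.0-90.12", "standard"),
        ("fips-04", "NetScaler NS12.1: Build 55.296.nc, Date: May 30 2023, 09:01:02   (64-bit)", "fips"),
        ("old-05", "12.1-65.39", "standard"),
    ]
    for name, version, edition in inventory:
        print(f"{name:8} {edition:9} {version[:40]:40} -> {assess(version, edition)}")
```

Run it as-is to see the constructed inventory classified, or feed it the banners collected from your own appliances. A `patched` result only means the build carries the fix; whether CVE-2023-3519 was exposed at all still depends on the appliance being configured as a Gateway or AAA virtual server, so pair this with a review of the configured virtual servers (for example `show vpn vserver` and `show authentication vserver` on the NetScaler CLI).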
Has CVE-2023-3519 been actively exploited in the wild?
Yes, the CVE-2023-3519 vulnerability has indeed been actively exploited in the wild. Although there is no public PoC at present, the vulnerability’s exploitation has been observed, increasing the urgency to apply the available patches.
How to fix CVE-2023-3519
Citrix has released fixed builds for every affected release: 13.1-49.13, 13.0-91.13, 13.1-37.159 (13.1-FIPS) and 12.1-55.297 (12.1-FIPS and 12.1-NDcPP), together with all later releases. The immediate action is to upgrade any installation that falls within the affected versions to one of these builds or newer.
Moreover, it is strongly recommended to upgrade NetScaler ADC and NetScaler Gateway version 12.1 to a supported version, considering its end-of-life status.
Citrix also plans to release a document containing indicators of compromise and related information, which enterprise admins can use to check if their Citrix systems have been compromised.
Next steps
Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: