The cyber security world has been abuzz with the emergence of critical zero-day vulnerabilities in Citrix NetScaler ADC and Gateway. Among these, CVE-2023-6548 and CVE-2023-6549 have garnered significant attention, with the latter of these particularly concerning due to its severity and potential impact.
Here’s everything you need to know about CVE-2023-6549, which has also been included in CISA’s KEV catalog:
What is CVE-2023-6549?
CVE-2023-6549 is a high-severity vulnerability with a CVSS score of 8.2, classified as a denial-of-service (DoS) issue. It affects Citrix NetScaler ADC and Gateway appliances when configured as a Gateway or AAA virtual server. This vulnerability allows unauthenticated attackers to disrupt services, posing a significant risk to organizations relying on these appliances for secure network operations
Does it affect me?
This vulnerability is pertinent to organizations using specific versions of NetScaler ADC and NetScaler Gateway. If you are utilizing any of the following versions, your system might be at risk:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
Notably, version 12.1 is now End Of Life (EOL) and particularly vulnerable.
Has CVE-2023-6549 been actively exploited in the wild?
Yes, CVE-2023-6549 has been exploited actively. While specific details about these exploits are not widely available, the urgency of the situation is underscored by Citrix’s prompt release of security updates and the recommendations by cybersecurity experts to apply these patches immediately.
To mitigate the risks associated with CVE-2023-6549, Citrix has released patches for the affected versions. It’s imperative for organizations to update their systems to the following versions as soon as possible:
- NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
In addition, Citrix advises against exposing the management interface of these appliances to the internet and recommends segregating network traffic to the appliance’s management interface, either physically or logically, from normal network traffic.
Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: