Voyager18 (research)

Zero-day exploited: How to fix CVE-2023-6549 in Citrix products

Explore the most important aspects of CVE-2023-6549, a zero-day vulnerability already exploited in Citrix NetScaler ADC and Gateway.

Orani Amroussi | January 22, 2024

The cyber security world has been abuzz with the emergence of critical zero-day vulnerabilities in Citrix NetScaler ADC and Gateway. Among these, CVE-2023-6548 and CVE-2023-6549 have garnered significant attention, with the latter of these particularly concerning due to its severity and potential impact.

Here’s everything you need to know about CVE-2023-6549, which has also been included in CISA’s KEV catalog:

What is CVE-2023-6549?

CVE-2023-6549 is a high-severity vulnerability with a CVSS score of 8.2, classified as a denial-of-service (DoS) issue. It affects Citrix NetScaler ADC and Gateway appliances when configured as a Gateway or AAA virtual server. This vulnerability allows unauthenticated attackers to disrupt services, posing a significant risk to organizations relying on these appliances for secure network operations.

Does it affect me?

This vulnerability is pertinent to organizations using specific versions of NetScaler ADC and NetScaler Gateway. If you are utilizing any of the following versions, your system might be at risk:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
  • NetScaler ADC 13.1-FIPS before 13.1-37.176
  • NetScaler ADC 12.1-FIPS before 12.1-55.302
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302

Notably, version 12.1 is now End Of Life (EOL) and particularly vulnerable.



Has CVE-2023-6549 been actively exploited in the wild?

Yes, CVE-2023-6549 has been actively exploited. While specific details about these exploits are not widely available, the urgency of the situation is underscored by Citrix’s prompt release of security updates and the recommendations by cybersecurity experts to apply these patches immediately.

Fixing CVE-2023-6549

To mitigate the risks associated with CVE-2023-6549, Citrix has released patches for the affected versions. It’s imperative for organizations to update their systems to the following versions as soon as possible:

  • NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP

In addition, Citrix advises against exposing the management interface of these appliances to the internet and recommends segregating network traffic to the appliance’s management interface, either physically or logically, from normal network traffic.
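To triage an appliance inventory against the fixed builds listed above, the following added example (not Citrix's or the author's code) compares each version string with the matching fixed build. The two input formats, the `edition` parameter, and the sample hosts are assumptions; edition must be supplied separately because a 13.1-FIPS build number would otherwise be judged against the standard 13.1 threshold.

```python
import re

# Fixed builds from the lists above, keyed by (release, edition).
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

# Matches "13.1-49.15" and "NS13.1: Build 49.15.nc" (input formats are assumed).
VERSION_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def assess(version_text, edition="standard"):
    """Return 'patched', 'vulnerable', 'no_fix_listed' or 'unparsed'."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((m.group(1), edition.lower()))
    if fixed is None:
        # Release/edition with no fixed build in the lists, e.g. EOL 12.1.
        return "no_fix_listed"
    # Compare as integers: 92.9 is older than 92.21, which string
    # comparison would get wrong.
    return "patched" if build >= fixed else "vulnerable"


def needs_action(inventory):
    """Return hosts whose status is anything other than 'patched'."""
    return [(host, assess(ver, ed)) for host, ver, ed in inventory
            if assess(ver, ed) != "patched"]


# Constructed sample inventory: (host, version string, edition).
SAMPLE = [
    ("adc-01.example.internal", "NS13.1: Build 49.15.nc", "standard"),
    ("adc-02.example.internal", "14.1-12.35", "standard"),
    ("adc-03.example.internal", "13.1-37.176", "fips"),
    ("adc-04.example.internal", "12.1-65.25", "standard"),
]

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE):
        print(f"{host}: {status}")
```

A `no_fix_listed` result means the release and edition pair has no fixed build in the lists above, so the appliance needs a manual decision (for EOL 12.1, a move to a supported release).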

Next steps 

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. 2023 Vulnerability watch reports 
  2. MITRE ATT&CK framework – Mapping techniques to CVEs
  3. The true impact of exploitable vulnerabilities for 2024
  4. MITRE’s CWE Top 10 KEV Weaknesses: What we learned
  5. How to properly tackle zero-day threats
