Wednesday, September 27, 2023

Citrix products are under active hacking due to several zero-day vulnerabilities


Enterprise users of NetScaler ADC and NetScaler Gateway urgently need to update their software to the latest version.

Citrix is warning users about a number of critical security bugs in NetScaler ADC and NetScaler Gateway, at least one of which, according to the company, is being actively exploited in the wild (ITW).

Tracked as CVE-2023-3519 (CVSS score 9.8), the vulnerability is a code injection flaw that can lead to remote execution of arbitrary commands by an unauthenticated attacker. The vulnerability is fixed in the latest version of the Citrix software, but the following versions remain affected:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13;
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13;
  • NetScaler ADC and NetScaler Gateway version 12.1 (end of life);
  • NetScaler ADC 13.1-FIPS before 13.1-37.159;
  • NetScaler ADC 12.1-FIPS before 12.1-55.297;
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297.

The company did not provide further details about the vulnerability. It is known for certain, however, that successful exploitation of CVE-2023-3519 requires the appliance to be configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization and accounting (AAA) virtual server.
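As an added example that is not part of the original article or of any Citrix tooling, the following Python check classifies NetScaler builds against the fixed versions listed above; the "NS13.1-49.13.nc" input shape accepted by the parser and the explicit FIPS/NDcPP variant flag are assumptions, and the inventory at the bottom is constructed.

```python
import re

# Fixed builds taken from the affected-version list above (CVE-2023-3519).
# A device on the same branch/variant with a lower build number is affected.
FIXED_BUILDS = {
    ("13.1", ""): (49, 13),
    ("13.0", ""): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}
# Plain 12.1 is end of life: no fixed build exists, so it is always affected.
EOL_BRANCHES = {"12.1"}

# Assumed input shape: "<major>.<minor>-<build>.<sub>", e.g. "13.1-48.47",
# optionally with the "NS" prefix and ".nc" suffix seen in `show version`.
_VERSION_RE = re.compile(r"^(?:NS)?(\d+\.\d+)-(\d+)\.(\d+)(?:\.nc)?$")


def parse_version(text):
    """Return (branch, (build, sub)); raise ValueError for unknown formats."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_affected(version, variant=""):
    """True if the build is below the fixed build for its branch and variant.

    variant is "" (standard), "FIPS" or "NDcPP". Branches the advisory does
    not cover raise ValueError instead of silently reporting 'not affected'.
    """
    branch, build = parse_version(version)
    if variant == "" and branch in EOL_BRANCHES:
        return True
    fixed = FIXED_BUILDS.get((branch, variant))
    if fixed is None:
        raise ValueError(f"no advisory data for branch {branch} variant {variant!r}")
    return build < fixed


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("gw-1", "13.1-48.47", ""),
        ("gw-2", "NS13.1-49.13.nc", ""),
        ("gw-3", "13.0-91.12", ""),
        ("gw-4", "12.1-65.39", ""),
        ("gw-5", "13.1-37.159", "FIPS"),
    ]
    for host, ver, var in sample:
        print(f"{host}: {'AFFECTED' if is_affected(ver, var) else 'fixed'}")
```

A "fixed" verdict only covers the software level; the advisory's precondition (gateway or AAA virtual server configuration) still decides whether an affected build is actually exposed.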

Along with CVE-2023-3519, two other bugs were also identified and fixed:

  • CVE-2023-3466 (CVSS score: 8.3) is an input validation vulnerability leading to reflected cross-site scripting (XSS);
  • CVE-2023-3467 (CVSS score: 8.0) is an improper privilege management vulnerability leading to privilege escalation to the root administrator (nsroot).

NetScaler ADC and NetScaler Gateway version 12.1 customers are encouraged to update their devices to a supported version to mitigate potential threats.

This week has turned out to be quite eventful for zero-day vulnerabilities. Just yesterday we wrote about the exploitation of critical vulnerabilities in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203) and in the WooCommerce Payments plugin for WordPress (CVE-2023-28121).



Source: www.securitylab.ru
