Citrix Releases Security Updates for Actively Exploited Vulnerabilities in NetScaler ADC and NetScaler Gateway

Two actively exploited vulnerabilities in NetScaler ADC and NetScaler Gateway could lead to remote code execution or denial-of-service


Threat details

Reassessment of CVE-2023-6548 - 17 July 2024

Citrix originally published a security advisory for CVE-2023-6548 and CVE-2023-6549 in January 2024, and Cyber Alert CC-4439 was published with medium severity. The remediation is now out of date and affected organisations should follow the remediation in the new high severity Cyber Alert CC-4525.

The NHS England National Cyber Security Operations Centre (CSOC) is aware of intelligence provided by CrowdStrike that, contrary to Citrix's initial disclosure, the vulnerability known as CVE-2023-6548 does not require user privileges for exploitation. NHS England National CSOC now assesses CVE-2023-6548 as a critical vulnerability that can allow a remote, unauthenticated attacker to execute code remotely on a vulnerable NetScaler Gateway or NetScaler ADC device.

CC-4525 was published at high severity reflecting the increased risk presented by the vulnerability and new remediation is given, which affected organisations must follow.


Introduction

Citrix have released a security bulletin addressing two vulnerabilities affecting NetScaler ADC and NetScaler Gateway.

CVE-2023-6548 has a CVSSv3 score of 5.5 and could allow an attacker to achieve authenticated (low privileged) remote code execution on the management interface. CVE-2023-6549 has a CVSSv3 score of 8.2 and could allow an attacker to achieve denial-of-service (DoS).

Additional vulnerability reported with proof-of-concept exploit code

A cyber security firm has released proof-of-concept exploit code for an out-of-bounds read vulnerability affecting Citrix NetScaler ADC and Gateway, version 13.1-50.23. An unauthenticated attacker could recover potentially sensitive data from memory.

No CVE identifier has been named and Citrix have not released an advisory for the vulnerability. The security firm reports that Citrix confirmed that the latest version 13.1-51.15 was unaffected.

Affected organisations with vulnerable versions are strongly encouraged to apply security updates as soon as practicable.

Exploitation of CVE-2023-6548 and CVE-2023-6549

Citrix have reported that CVE-2023-6548 and CVE-2023-6549 are actively being exploited in the wild.


Threat updates

Date: 18 Jul 2024
Update: New high severity Cyber Alert issued for CVE-2023-6548. New information box created with information about CC-4525.

Date: 7 May 2024
Update: Additional vulnerability reported with proof-of-concept released. This cyber alert has been updated with this information.


Remediation advice

Affected organisations are encouraged to review Citrix Security Bulletin CTX584986 and apply the relevant updates.



Last edited: 18 July 2024 11:38 am