Published On: Aug 02, 2023 13:57
Advisory No: TZCERT/SA/2023/08/02
Source: Citrix
Software Affected: Citrix ADC and Citrix Gateway
Date of First Release: 2nd August 2023
Overview:
Citrix has released security patches to address critical vulnerabilities affecting the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities could allow an attacker to execute arbitrary code.
Description:
Multiple vulnerabilities have been discovered in Citrix ADC and Citrix Gateway which may be exploited to allow an attacker to execute arbitrary code on an affected system.
CVE-2023-3519 is a remote code execution (RCE) vulnerability that affects older installations of NetScaler ADC as well as NetScaler Gateway, which is an access gateway that provides VPN and single sign-on (SSO) capabilities for remote end users of network assets.
CVE-2023-3467 is a privilege escalation vulnerability that requires attackers to have unauthenticated access to the NSIP or subnet IP (SNIP) with management interface access, and allows for potential privilege elevation to root administrator access.
Impact:
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Solution:
Citrix has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.