January 18, 2024 at 10:38AM
Two vulnerabilities in Citrix's NetScaler ADC and Gateway products, CVE-2023-6548 and CVE-2023-6549, have been patched. The first allows remote code execution by an authenticated attacker with access to specific IP addresses, while the second can lead to a denial-of-service condition. Customers are advised to update their affected products promptly to prevent exploitation.
Key takeaways:
1. Two vulnerabilities in NetScaler’s ADC and Gateway products have been fixed after being exploited by criminals.
2. CVE-2023-6548 allows remote code execution (RCE) and received a low CVSS rating of 5.5. Exploiting the bug requires the attacker to be authenticated with low-level privileges and to have access to specific IP addresses.
3. CVE-2023-6549 could allow a denial-of-service attack and earned a CVSS rating of 8.2. A successful exploit requires specific configurations within the appliance.
4. Over 1,400 NetScaler management interfaces are exposed on the internet, posing a potential risk.
5. Customers are advised to update their vulnerable NetScaler ADC and NetScaler Gateway products to the latest versions to mitigate the risks. The vendor strongly recommends the immediate application of fixes.
6. The vulnerabilities do not apply to cloud-managed services but only affect customer-managed instances.
7. Citrix has addressed concerns about the vulnerabilities' similarity to the Citrix Bleed zero-day and reassured customers that the latest security flaws do not allow for data exfiltration.
It’s crucial for organizations using these appliances in their networks to apply the available patches as soon as possible to mitigate potential risks.