Citrix warns of new Netscaler zero-days exploited in attacks

Citrix warns of new Netscaler zero-days exploited in attacks

January 16, 2024 at 03:33PM

Citrix has warned customers to immediately patch their vulnerable Netscaler ADC and Gateway appliances against actively exploited zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549). The company advises blocking network traffic to affected instances if updates cannot be deployed immediately, and separating the management interface from internet exposure to reduce the risk of exploitation. This follows recent attacks against government and tech organizations.

Here’s a summary of the meeting notes:

– Citrix has urged customers to immediately patch Netscaler ADC and Gateway appliances against two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549.
– These vulnerabilities impact the Netscaler management interface, and exploitation can lead to remote code execution and denial-of-service attacks.
– The vulnerabilities affect specific Netscaler product versions, listed in the notes.
– Only customer-managed NetScaler appliances are impacted, while Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not affected.
– Admins are advised to immediately patch their Netscaler appliances, and those using EOL software were advised to upgrade to a supported version.
– If immediate deployment of security updates is not possible, network traffic to affected instances should be blocked, and the management interface should not be exposed to the internet.
– Another critical Netscaler flaw patched in October, tracked as CVE-2023-4966, was also exploited as a zero-day and impacted government organizations and high-profile tech companies.
– The Health Sector Cybersecurity Coordination Center (HC3) has issued a sector-wide alert urging health organizations to secure their NetScaler ADC and NetScaler Gateway instances against ransomware attacks.

Let me know if you need any further information or assistance.

Full Article