Today, 17 November 2023, Australia's National Cyber Security Coordinator took to X (formerly Twitter) to alert entities using Citrix NetScaler ADC to multiple vulnerabilities detected in Citrix products, urging them to patch their systems immediately.
The coordinator also noted that active exploitation of these vulnerabilities has been observed in Australia, and warned that organisations that have not yet patched their Citrix products are at high risk of malicious actors gaining privileged access to their networks.
ASD’s ACSC stated that it:
"is aware of multiple vulnerabilities related to Citrix products, and we have seen active exploitations of vulnerabilities in this software in Australia."
The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is tracking these vulnerabilities, which affect Citrix NetScaler ADC and NetScaler Gateway, both widely used in Australian networks. The agency's investigation also revealed significant exposure to these vulnerabilities, and it warns that further exploitation could have a detrimental impact on Australian systems and networks.
ASD's ACSC further reported that two of these vulnerabilities, CVE-2023-3519 and CVE-2023-4966, have been successfully exploited in the wild.
THE VULNERABILITIES AND CVE-RECORDS:
The vulnerabilities and their CVE records are:
- CVE-2023-3519, which allows malicious actors to execute code remotely without authentication. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
- CVE-2023-3466, a reflected Cross-Site Scripting (XSS) flaw, which allows an attacker with network connectivity to the NSIP to trick a victim into opening a malicious link in their browser.
- CVE-2023-3467, a privilege escalation to root administrator (nsroot), which requires authenticated access to the NSIP, or to a SNIP with management interface access.
- CVE-2023-4966, a sensitive information disclosure, which malicious actors can leverage to hijack sessions.
Citrix also reported that NetScaler ADC and NetScaler Gateway version 12.1 are now End Of Life (EOL) and remain vulnerable. Users are advised to upgrade to a newer, supported release.
MITIGATION AND UPDATES:
In response to these vulnerabilities, Citrix has released updates and patches to secure these devices. ASD's ACSC advises NetScaler ADC and NetScaler Gateway customers to install the patched release corresponding to their product.
The fixed releases are:
- NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases.
- NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1.
- NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0.
- NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS.
- NetScaler ADC 12.1-FIPS 12-55.300 and later releases of 12.1-FIPS.
- NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP.
ASD's ACSC advises affected organisations to review these mitigations and apply the necessary updates. They should also monitor Citrix for future patches and updates to NetScaler ADC and NetScaler Gateway.
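Checking an appliance inventory against the fixed-release list above is the first practical step. The following script is an added example, not tooling from ASD's ACSC or Citrix; it assumes build strings in the "release-build.sub" form shown in the list (e.g. "13.1-49.13"), treats FIPS and NDcPP builds as separate release lines because their fixed builds differ from the standard ones, and flags plain 12.1 as EOL rather than comparing it to a fix that does not exist.

```python
"""Check NetScaler ADC / Gateway build strings against the fixed releases above."""
import re
from typing import NamedTuple, Optional

# First fixed build per release line, keyed by (release line, variant), taken
# from the update list in this article. The "12-55.300" printed for 12.1-FIPS
# is assumed to mean 12.1-55.300, the same build as the 12.1-NDcPP entry.
FIXED_BUILDS = {
    ("14.1", ""): "14.1-8.50",
    ("13.1", ""): "13.1-49.15",
    ("13.0", ""): "13.0-92.19",
    ("13.1", "FIPS"): "13.1-37.164",
    ("12.1", "FIPS"): "12.1-55.300",
    ("12.1", "NDCPP"): "12.1-55.300",
}
EOL_LINES = {("12.1", "")}  # plain 12.1 is End Of Life: no fix, only upgrade
BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(build: str) -> tuple:
    """'13.1-49.13' -> (13, 1, 49, 13); int tuples compare in build order."""
    m = BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {build!r}")
    return tuple(int(x) for x in m.groups())


class Verdict(NamedTuple):
    status: str                 # "fixed", "vulnerable", "eol" or "unknown"
    fixed_build: Optional[str]  # first fixed build on this line, if any


def assess(build: str, variant: str = "") -> Verdict:
    """variant is "" for standard builds, "FIPS" or "NDcPP" otherwise. It
    matters: 13.1-FIPS is fixed at 37.164 while plain 13.1 needs 49.15."""
    parsed = parse_build(build)
    line = (f"{parsed[0]}.{parsed[1]}", variant.upper())
    if line in EOL_LINES:
        return Verdict("eol", None)
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        return Verdict("unknown", None)
    return Verdict("fixed" if parsed >= parse_build(fixed) else "vulnerable", fixed)


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, build string, variant).
    for host, build, variant in [("gw-01", "13.1-49.13", ""), ("gw-02", "13.1-37.164", "FIPS"),
                                 ("gw-03", "12.1-55.300", ""), ("gw-04", "14.1-8.50", "")]:
        print(host, build, variant or "standard", "->", assess(build, variant).status)
```

An "unknown" verdict means the release line is not in the advisory's list, not that the appliance is safe; it should be checked against Citrix's own bulletin.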