Critical Vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway
19 July 2023
17 Aug 2023 Update
Mandiant has released a scanning tool (https://github.com/mandiant/citrix-ioc-scanner-cve-2023-3519) that enables organisations to examine their Citrix ADC and Citrix Gateway devices for evidence of post-exploitation activity related to CVE-2023-3519.
The tool is designed to be used with Citrix ADC and Citrix Gateway versions 12.0, 12.1, 13.0, and 13.1.
It should be noted that installation of security updates addressing CVE-2023-3519 does not remove any malware from systems that were compromised before the updates were installed. As such, users and administrators of Citrix ADC and Citrix Gateway devices may wish to use the tool to examine their devices for signs of compromise, if the devices were vulnerable and exposed to the Internet for any period of time.
If you discover that your device has been compromised, please consider sharing the information with SingCERT at https://go.gov.sg/singcert-incident-reporting-form.
More information is available here:
https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
*****
Citrix has released security updates to address critical vulnerabilities (CVE-2023-3519, CVE-2023-3466 and CVE-2023-3467) in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products. CVE-2023-3519 has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
The critical vulnerabilities are:
- CVE-2023-3519: Successful exploitation of this vulnerability may allow a remote attacker to perform unauthenticated remote code execution if the appliance is configured as a gateway or as an authentication, authorisation, and accounting (AAA) server.
- CVE-2023-3466: A reflected cross-site scripting (XSS) vulnerability that can be exploited if a victim loads an attacker-supplied link in the browser and the vulnerable appliance is reachable from the victim's network.
- CVE-2023-3467: An attacker with authenticated access to the management interface via the NetScaler IP (NSIP) or Subnet IP (SNIP) can escalate privileges to the root administrator account (nsroot).
The following products are affected by the vulnerabilities:
- NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
- NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
NetScaler ADC and NetScaler Gateway version 12.1 have reached End of Life (EOL). Users and administrators of affected EOL products are advised to upgrade their appliances to a supported version to address the vulnerabilities.
Users and administrators of affected products are advised to update to the latest versions immediately.
More information is available here:
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467