CVE-2023-3519

Cyber Security Alert: Citrix ADC and Gateway – Pre-Authentication RCE


A critical pre-authentication vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) is currently being exploited by threat actors who have been able to execute code with zero credentials.

Threat Name: CVE-2023-3519

Risk Factor: Critical

Date: July 2023


Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis.

What we know so far about the Citrix vulnerability

A critical pre-authentication vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) was discovered in the first week of July. It is currently being exploited by threat actors and is tracked as CVE-2023-3519, which carries a CVSS score of 9.8.

This has led Citrix to issue updates for affected products – it’s recommended that all those affected install the updates immediately.

How the Zero Day Exploit CVE-2023-3519 works

The vulnerability allows an attacker with zero credentials to execute code. Because the flaw is exploited before authentication, MFA does not stand in the attacker's way.

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: 

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable. 

Solace Cyber recommendations

It is advisable to patch the system immediately and search for any web shells that may have been created, as this vulnerability has been used maliciously. The following guidance is recommended:

Step 1) Review edited files within:

  • “/netscaler/ns_gui/”
  • “/var/vpn/”
  • “/var/netscaler/logon/”
  • “/var/python/”

Step 2) Review HTTP error log files

Step 3) Review shell log files
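
One way to carry out Step 1, added here as an example and not part of Solace Cyber's guidance or any Citrix tooling: it lists files under the four directories that changed after a cutoff date and marks script-like files for first review. The `root` prefix, the cutoff date and the extension list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: triage for Step 1.
# Lists regular files modified after the start of a cutoff date under the
# four directories named in Step 1, so they can be reviewed by hand.

# Directories exactly as listed in Step 1.
STEP1_DIRS="/netscaler/ns_gui/ /var/vpn/ /var/netscaler/logon/ /var/python/"

# recent_files ROOT CUTOFF
#   ROOT   - prefix for the paths ("" on a live appliance, or the mount point
#            of a disk image); hypothetical parameter for this example.
#   CUTOFF - date in YYYY-MM-DD form; the analyst's choice, an assumption.
# Prints one path per line, sorted. Missing directories are skipped.
recent_files() {
    root=$1
    cutoff=$2
    for d in $STEP1_DIRS; do
        [ -d "$root$d" ] || continue
        # -newermt is supported by both GNU and FreeBSD find.
        find "$root$d" -type f -newermt "$cutoff" -print
    done | sort
}

# label_files: reads paths on stdin and marks script-like files, the form a
# web shell usually takes, apart from other changed files. The extension list
# is an assumption for this example, not an indicator list from the advisory.
label_files() {
    while IFS= read -r path; do
        case "$path" in
            *.php|*.pl|*.py|*.cgi|*.sh) printf 'SCRIPT\t%s\n' "$path" ;;
            *)                          printf 'OTHER\t%s\n' "$path" ;;
        esac
    done
}

# Runs only when called with two arguments, e.g.:
#   sh step1_triage.sh "" 2023-07-01
if [ "$#" -eq 2 ]; then
    recent_files "$1" "$2" | label_files
fi
```

Files marked `OTHER` still need review; the label only orders the work.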

If no evidence of exploitation is found, proceed with updating NetScaler ADC (Citrix ADC) and NetScaler Gateway (Citrix Gateway) to the latest versions:

  • NetScaler ADC and NetScaler Gateway – 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway – 13.0-91.13 and later
  • NetScaler ADC 13.1-FIPS – 13.1-37.159 and later
  • NetScaler ADC 12.1-FIPS – 12.1-55.297 and later
  • NetScaler ADC 12.1-NDcPP – 12.1-55.297 and later

Solace Cyber can support your efforts in upgrading to the latest software versions. Additionally, our cyber security specialists can conduct forensic analysis to detect and determine the cause of a security incident and support recovery plans.


Solace Cyber offers expert assistance with critical pre-authentication vulnerabilities