Reference:
Advisory #2023-123
Version:
2.0
Affected software:
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
NetScaler ADC 13.1-FIPS before 13.1-37.164
NetScaler ADC 12.1-FIPS before 12.1-55.300
NetScaler ADC 12.1-NDcPP before 12.1-55.300
CVE/CVSS:
CVE-2023-4966: CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
CVE-2023-4967: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
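The affected-version list above can be turned into a mechanical check for an appliance inventory. The script below is an added example, not part of the CCB advisory or of any Citrix tooling; it assumes versions are written in the same "release-build" notation the advisory uses (e.g. 13.1-49.15), knows only the release/edition pairs listed above, and reports anything else as "check manually" rather than guessing.

```python
"""Check NetScaler ADC / Gateway versions against the first fixed builds
listed in Advisory #2023-123 (CVE-2023-4966, CVE-2023-4967)."""
import re

# First fixed build per (release line, edition), taken from the advisory.
# Edition "" is the standard build; 12.1 is listed only as FIPS and NDcPP.
FIXED_BUILDS = {
    ("14.1", ""): "14.1-8.50",
    ("13.1", ""): "13.1-49.15",
    ("13.0", ""): "13.0-92.19",
    ("13.1", "FIPS"): "13.1-37.164",
    ("12.1", "FIPS"): "12.1-55.300",
    ("12.1", "NDcPP"): "12.1-55.300",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_version(version):
    """Split '13.1-49.15' into the comparable tuple (13, 1, 49, 15)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version, edition=""):
    """True if `version` is below the first fixed build for its release line
    and edition ('' standard, 'FIPS' or 'NDcPP'); False if fixed; None when
    the release/edition pair is not covered by the advisory (e.g. standard
    12.1), so the caller can flag it for manual review instead of ignoring it."""
    parsed = parse_version(version)
    release = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_BUILDS.get((release, edition))
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory):
    """inventory: iterable of (hostname, version, edition).
    Returns (hosts still on a vulnerable build, hosts needing manual review)."""
    vulnerable, unknown = [], []
    for host, ver, ed in inventory:
        result = is_vulnerable(ver, ed)
        if result is None:
            unknown.append(host)
        elif result:
            vulnerable.append(host)
    return vulnerable, unknown


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are illustrative only.
    sample = [("gw-1.example", "13.1-48.47", ""), ("gw-2.example", "13.1-49.15", ""),
              ("gw-3.example", "13.1-37.150", "FIPS"), ("gw-4.example", "12.1-55.300", "")]
    print(triage(sample))  # (['gw-1.example', 'gw-3.example'], ['gw-4.example'])
```

Hosts returned in the first list are the ones that still need the upgrade and, per the 23 November update below, the session clean-up after it.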
These vulnerabilities affect Citrix NetScaler ADC and NetScaler Gateway servers when they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. Typically, NetScaler ADC and NetScaler Gateway appliances are exposed to the public Internet.
CVE-2023-4966
This vulnerability can be remotely exploited by an attacker and could lead to sensitive information disclosure. The impact on confidentiality and integrity is high. CVE-2023-4966 is being exploited in the wild on unmitigated appliances.
Update 23 November
After upgrading, it is necessary to remove any active or persistent sessions, as stated in the original advisory from Citrix.
Tenable created a FAQ: https://www.tenable.com/blog/frequently-asked-questions-for-citrixbleed-cve-2023-4966
CVE-2023-4967
This vulnerability can be remotely exploited by an attacker and could lead to a Denial of Service (DoS). The impact on integrity is low, and the impact on availability is high.
An attacker could exploit two vulnerabilities in Citrix NetScaler to either leak information or bring down the system.
The Centre for Cyber Security Belgium strongly recommends upgrading to the latest version as soon as possible. Make sure your systems run one of the following patched versions: