A critical pre-authentication vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) is currently being exploited by threat actors who have been able to execute code with zero credentials.
Threat Name: CVE-2023-3519
Risk Factor: Critical
Date: July 2023
Get Help Now
Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis.
What we know so far about the Citrix vulnerability
A critical pre-authentication vulnerability in the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) was discovered in the first week of July. This vulnerability is currently being exploited by threat actors and has been tracked as CVE-2023-3519, which carries a 9.8 CVSS.
This has led Citrix to issue updates for affected products – it’s recommended that all those affected install the updates immediately.
How the Zero Day Exploit CVE-2023-3519 works
The vulnerability allows an attacker with zero credentials to execute code. There is no need for an attacker to worry about MFA in this scenario as its pre-authentication.
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-55.297
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
Solace Cyber recommendations
It is advisable to patch the system immediately and search for any web shells that may have been created, as this vulnerability has been used maliciously. The following guidance is recommended:
Step 1) Review edited files within:
Step 2) Review HTTP error log files
Step 3) Review shell log files
If no exploitation can be found, then proceed with updating the following to the latest versions of Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)
- NetScaler ADC and NetScaler Gateway – 13.1-49.13 and later releases
- NetScaler ADC and NetScaler Gateway – 13.0-91.13 and later
- NetScaler ADC 13.1-FIPS – 13.1-37.159 and later
- NetScaler ADC 12.1-FIPS – 12.1-55.297 and later NetScaler ADC 12.1-NDcPP – 12.1-55.297 and later
Solace Cyber can support your efforts in upgrading to the latest software versions. Additionally, our cyber security specialists can conduct forensic analysis to detect and determine the cause of a security incident and support recovery plans.
Speak to a cyber security specialist
Solace Cyber offers expert assistance with critical pre-authentication vulnerabilities