Overview of CVE-2023-3519 Vulnerability

A recent Citrix security bulletin warns of multiple vulnerabilities affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Of those vulnerabilities, only CVE-2023-3519 is rated critical, with a CVSS score of 9.8; the same bulletin also covers CVE-2023-3466 and CVE-2023-3467, which carry lower ratings. CVE-2023-3519 is an unauthenticated remote code execution (RCE) vulnerability that is being exploited in the wild and affects multiple supported and end-of-life releases of both products.

Because CVE-2023-3519 lets a threat actor drop a web shell on the appliance itself, it provides a persistent foothold from which to perform discovery, exfiltration, and other follow-on activity. Citrix has released fixed builds that mitigate the threat. Note that upgrading does not remove a web shell that was planted before the upgrade, so an appliance that was exposed while vulnerable should also be examined for signs of compromise.

What Appliance Versions Does CVE-2023-3519 Affect?

According to CISA, only appliances configured as a Gateway (a VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or as an AAA (authentication, authorization, and auditing) virtual server are exploitable. An appliance that exposes neither type of virtual server is not reachable by this exploit, although it should still be upgraded.

The NetScaler ADC and NetScaler Gateway versions impacted by the vulnerability include the following:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC and NetScaler Gateway 12.1 (all builds; this release is end of life and receives no fix)
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

Upgrading to one of the fixed builds listed below as soon as possible is essential to mitigate the vulnerability in your environment. Appliances on the end-of-life 12.1 release have no fixed 12.1 build and must be moved to a supported release. You can follow the steps outlined in Citrix’s Security Bulletin.

What Software Versions Mitigate the CVE-2023-3519 Vulnerability?

The software versions needed to mitigate the vulnerability include:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
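The two questions above (is the running build older than the fixed build for its release train, and is the appliance configured as a Gateway or AAA virtual server) can be answered from the output of "show ns version" and "show ns runningConfig". The script below is an added example written for this page, not code from Citrix or CISA. It assumes the version banner has the form "NetScaler NS13.1: Build 49.13.nc", that Gateway and AAA virtual servers appear in the running config as "add vpn vserver" and "add authentication vserver" lines, and that the caller knows whether the box runs a FIPS or NDcPP image (the banner alone does not say). The sample banner and config are constructed, not captured from a real appliance.

```python
"""Triage helper for CVE-2023-3519 on NetScaler ADC / NetScaler Gateway.

Added example, not Citrix code. It checks the two things the bulletin makes
decisive: (1) is the running build older than the fixed build for its
release train, and (2) does the running config expose a Gateway (vpn) or
AAA (authentication) virtual server, the only exploitable configurations.
"""
import re

# Minimum fixed build per (release train, variant), from CTX561482.
# Builds compare as (major, minor) tuples: 13.1-49.13 -> (49, 13).
FIXED_BUILDS = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}
# Standard (non-FIPS, non-NDcPP) 12.1 is end of life: every build is vulnerable.
EOL_TRAINS = {"12.1"}

# Assumed banner format of "show ns version": "NetScaler NS13.1: Build 49.13.nc, ..."
VERSION_RE = re.compile(
    r"NS(?P<train>\d+\.\d+):\s*Build\s+(?P<major>\d+)\.(?P<minor>\d+)"
)

# Config lines that create the exposed vserver types. ICA Proxy, CVPN and
# RDP Proxy are all features of a "vpn vserver", so one pattern covers them.
EXPOSED_VSERVER_RE = re.compile(
    r"^add (vpn|authentication) vserver\s+(\S+)", re.MULTILINE
)


def parse_version(banner):
    """Return (train, (major, minor)) parsed from the version banner."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return m.group("train"), (int(m.group("major")), int(m.group("minor")))


def is_vulnerable_build(train, build, variant="standard"):
    """True if the build is older than the fixed build for train/variant.

    variant is "standard", "FIPS" or "NDcPP"; the caller must supply it
    because the banner does not identify the image (assumption of this example).
    """
    key = (train, variant)
    if key in FIXED_BUILDS:
        return build < FIXED_BUILDS[key]
    if variant == "standard" and train in EOL_TRAINS:
        return True  # no fixed build exists; only an upgrade to a supported train helps
    raise ValueError(f"{train} {variant} is not listed in the bulletin; check it directly")


def exposed_vservers(running_config):
    """Return [(type, name)] for every vpn/authentication vserver in the config."""
    return [(m.group(1), m.group(2)) for m in EXPOSED_VSERVER_RE.finditer(running_config)]


def triage(banner, running_config, variant="standard"):
    """Combine both checks into one verdict for a single appliance."""
    train, build = parse_version(banner)
    vulnerable = is_vulnerable_build(train, build, variant)
    exposed = exposed_vservers(running_config)
    if vulnerable and exposed:
        action = "upgrade now and hunt for web shells; treat as possibly compromised"
    elif vulnerable:
        action = "upgrade; not exploitable via CVE-2023-3519 in this configuration"
    else:
        action = "fixed build; no further action for CVE-2023-3519"
    return {
        "train": train,
        "build": build,
        "vulnerable_build": vulnerable,
        "exposed_vservers": exposed,
        "action": action,
    }


# Constructed sample inputs (not captured from a real appliance).
SAMPLE_BANNER = "NetScaler NS13.1: Build 48.47.nc, Date: Jun 5 2023, 15:36:02"
SAMPLE_CONFIG = """\
add ns ip 10.0.0.2 255.255.255.0 -type SNIP
add lb vserver web_vs HTTP 10.0.0.7 80
add vpn vserver gw_vs SSL 10.0.0.5 443 -icaOnly ON
add authentication vserver aaa_vs SSL 10.0.0.6 443
"""

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONFIG))
```

Run against the sample, the verdict is "vulnerable build and exposed" because 13.1-48.47 is older than 13.1-49.13 and both a vpn and an authentication vserver exist. Feed it a banner reporting build 49.13 or later and it reports the appliance as fixed; a load-balancing-only config with no vpn or authentication vserver produces the "upgrade, but not exploitable" verdict.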

Citrix is notifying customers and channel partners about this issue through its security bulletin on the Citrix Knowledge Center at https://support.citrix.com/securitybulletins.

Managing the Security of Your Applications

If your organization could use assistance managing the security of its IT devices and applications, contact M.A. Polce today. M.A. Polce is a leading provider of managed IT and cybersecurity services in New York State. By outsourcing technology tasks to a company like M.A. Polce, your organization can focus on core business objectives while ensuring its security is modern and comprehensive.

Sources

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

https://thehackernews.com/2023/07/zero-day-attacks-exploited-critical.html