Over 15000+ Citrix Servers Vulnerable to Code Injection Attacks

by Esmeralda McKenzie

Due to an unauthenticated critical RCE bug, previously exploited as a 0-day in the wild by threat actors, hundreds of Citrix NetScaler ADC and Gateway servers were exposed.

Threat actors exploited this zero-day vulnerability in June 2023 to drop a web shell on a critical infrastructure organization’s NetScaler ADC, leading to AD data exfiltration.

However, at this point, the threat actors' lateral movement to the domain controller was prevented by the effective network segmentation controls on the appliance.

Cyber security researchers at the Shadowserver Foundation recently reported that over 15000 Citrix servers are vulnerable to this critical code injection attack, which is tracked as CVE-2023-3519. In addition, the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA).

Vulnerable Citrix Servers Map (Source – Shadowserver)

Flaw Profile

  • CVE ID: CVE-2023-3519
  • Description: Unauthenticated remote code execution
  • CWE: CWE-94
  • CVSS Score: 9.8
  • Pre-requisite: Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

Affected Versions of NetScaler ADC & NetScaler Gateway

Below, we have listed all the affected versions of NetScaler ADC and NetScaler Gateway:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC and NetScaler Gateway version 12.1, now end of life
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-65.36
  • NetScaler ADC 12.1-NDcPP before 12.65.36
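
As an added example (not from the original article or from Citrix), the following Python sketch triages an appliance inventory against the fixed builds listed above. It assumes version strings in the `release-build` form used in that list; the hostnames and sample builds are constructed, and it checks the build only, not whether the appliance is configured as a Gateway or AAA virtual server.

```python
import re

# First fixed build per (release, edition), taken from the list above.
# 12.1-NDcPP is left out: the page gives its fixed build as 12.65.36,
# which is not in release-build form, so NDcPP rows come back "unknown".
FIXED = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (65, 36),
}
# 12.1 standard is end of life: it is always flagged, whatever the build.
END_OF_LIFE = {("12.1", "standard")}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

def classify(version, edition="standard"):
    """Return 'vulnerable', 'patched', 'end-of-life' or 'unknown'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    key = (release, edition)
    if key in END_OF_LIFE:
        return "end-of-life"
    if key not in FIXED:
        return "unknown"
    # Tuple comparison is numeric per component, so 91.9 sorts before 91.13.
    return "vulnerable" if build < FIXED[key] else "patched"

def triage(inventory):
    """Map each hostname to its status, for (host, version, edition) rows."""
    return {host: classify(ver, ed) for host, ver, ed in inventory}

# Constructed inventory rows (hostnames and builds are made up for the example).
SAMPLE = [
    ("gw-01", "13.1-48.47", "standard"),
    ("gw-02", "13.1-49.13", "standard"),
    ("gw-03", "13.0-91.9", "standard"),
    ("gw-04", "12.1-65.25", "standard"),
    ("adc-fips", "13.1-37.159", "FIPS"),
    ("adc-ndcpp", "12.1-65.35", "NDcPP"),
    ("lab", "garbage", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Rows reported as "unknown" or "end-of-life" need manual review rather than being treated as safe.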

Exploitation and Patch

On July 18th, Citrix urgently released security updates for the RCE vulnerability (CVE-2023-3519) after observing exploits on unmitigated appliances, urging rapid patch installation.

The zero-day RCE (CVE-2023-3519) for Citrix ADC was likely circulating online from early July, when a threat actor advertised it on a hacker or dark web forum.

Besides this, Citrix also addressed two other high-severity flaws tracked as CVE-2023-3466 and CVE-2023-3467 on the same day, one enabling XSS attacks and the other granting root permissions.

The second flaw, with higher impact, requires authenticated access via IP (NSIP) or SubNet IP (SNIP) to the vulnerable appliances’ management interface.

Meanwhile, the new order from CISA mandates U.S. federal agencies to immediately secure Citrix servers against ongoing attacks by the 9th of August, after the bug was exploited to breach a critical infrastructure organization’s systems.

Source credit : cybersecuritynews.com
