Critical Security Flaw in Citrix NetScaler ADC and Gateway Exploited in the Wild – CVE-2023-3519

by time news

Title: Citrix Warns of Actively Exploited Critical Flaw in NetScaler ADC and Gateway

Date: Jul 19, 2023

Citrix has issued a security alert, urging users to address a critical security vulnerability in its NetScaler Application Delivery Controller (ADC) and Gateway products. The company revealed that this flaw is actively being exploited in the wild.

Tracked as CVE-2023-3519 (CVSS score: 9.8), the vulnerability involves code injection and could lead to unauthenticated remote code execution. The issue affects several versions of NetScaler ADC and Gateway, including some end-of-life versions.

Citrix has not provided specific details about the exploit, but it stated that successful exploitation requires the affected device to be configured as either a Gateway or an authorization and accounting virtual server.

In addition to CVE-2023-3519, Citrix has also addressed two other bugs, namely:

– CVE-2023-3466 (CVSS score: 8.3) – An improper input validation vulnerability that enables reflected cross-site scripting (XSS) attacks.
– CVE-2023-3467 (CVSS score: 8.0) – An improper privilege management vulnerability that allows privilege escalation to the root administrator (nsroot).

These vulnerabilities were reported by Wouter Rijkbost and Jorren Geurts of Resillion. Citrix has released patches to fix all three flaws in the affected versions of NetScaler ADC and Gateway.

Users of NetScaler ADC and Gateway version 12.1 are advised to upgrade their appliances to a supported version to mitigate potential threats.

This latest security alert from Citrix comes at a time when other notable vulnerabilities have been discovered and exploited, such as flaws in Adobe ColdFusion and the WooCommerce Payments WordPress plugin. The company emphasizes the importance of keeping WordPress plugins updated and secure to prevent complete compromise of websites.

It is crucial for users to stay vigilant and update their systems promptly to protect against these security vulnerabilities. Following the recommended cybersecurity practices will minimize the risk of falling victim to malicious activities.
