Citrix Netscaler Vulnerability

URGENT! Security Vulnerabilities in Citrix Netscaler ADC & Gateway - Immediate action required! 
Speak With An IT Expert

ATTENTION: Multiple vulnerabilities have been discovered in Citrix NetScaler ADC & NetScaler Gateway. Immediate action is required. READ ABOUT IT

At Forthright, your security and user experience is paramount to us.  When a risk like this is discovered, we reach out to our clients and contacts to make sure they understand the risk and how to mitigate it. Today is one of those days where a recent discovery compels us to share what we know with you. For those who need help, we are here to guide you through the process.

WHAT IS GOING ON:

According to Citrix, CVE-2023-3519 is being exploited on unmitigated appliances. An attacker can exploit one of these vulnerabilities to take control of an affected system. Learn more.

Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467) affecting NetScaler ADC and NetScaler Gateway. Citrix support bulletin.

The impacted versions are:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

(Note: NetScaler ADC and NetScaler Gateway version 12.1 have reached the end-of-life stage and require upgrading to a newer variant of the product.)

If you think you’ve been breached, book a discovery call with Forthright immediately!

 

WHAT TO DO:

All impacted devices must be IMMEDIATELY patched, remediated or shutdown. Affected customers of NetScaler ADC and NetScaler Gateway should install the relevant updated versions as soon as possible. Advisory from Citrix.

We recommend you check the following before applying the patches:

  1. Check your system for the presence of suspicious files/webshells
  2. Check the HTTP error logs for irregularities that may indicate exploitation of a vulnerability
  3. Check shell logs for unusual commands
  4. Check for suspicious files with the setuid bit

If you aren’t sure if you are affected, need assistance with the patches/remediation, or if you have any questions/concerns, please book a meeting with the Forthright team using the button above.

 

HOW FORTHRIGHT CAN HELP:

Our team of Citrix product experts is ready to help you with this critical issue. We have 15-hour blocks of engineering hours called ETUs that can be used for remediation assistance. Purchase ETUs now with the button below to expedite the process and we’ll reach out to you immediately to get started.

Do not ignore this issue! The Forthright team is standing by to help you regain security in your environment. MEET WITH FORTHRIGHT

 

 

Meeting link: https://success.forthright.com/meetings/matt-mckinnon/citrix-questions-issues
ETU link: https://app.hubspot.com/payments/TGhjVMB6Qq?referrer=PAYMENT_LINK

Further reading