Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (previously Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are getting actively exploited in the wild.
The flaws are stated beneath –
- CVE-2023-6548 (CVSS rating: 5.5) – Authenticated (low privileged) remote code execution on Administration Interface (needs entry to NSIP, CLIP, or SNIP with administration interface accessibility)
- CVE-2023-6549 (CVSS score: 8.2) – Denial-of-provider (demands that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server)
The subsequent buyer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the shortcomings –
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.-92.21
- NetScaler ADC and NetScaler Gateway version 12.1 (presently conclusion-of-life)
- NetScaler ADC 13.1-FIPS prior to 13.1-37.176
- NetScaler ADC 12.1-FIPS just before 12.1-55.302, and
- NetScaler ADC 12.1-NDcPP prior to 12.1-55.302
“Exploits of these CVEs on unmitigated appliances have been observed,” Citrix stated, devoid of sharing any extra details. People of NetScaler ADC and NetScaler Gateway model 12.1 are suggested to enhance their appliances to a supported version that patches the flaws.
It is really also recommended to not expose the management interface to the internet to lessen the risk of exploitation.
In recent months, various security vulnerabilities in Citrix appliances (CVE-2023-3519 and CVE-2023-4966) have been weaponized by menace actors to drop web shells and hijack present authenticated classes.
VMware Fixes Critical Aria Automation Flaw
The disclosure arrives as VMware alerted shoppers of a critical security vulnerability in Aria Automation (beforehand vRealize Automation) that could allow an authenticated attacker to attain unauthorized accessibility to distant organizations and workflows.
The issue has been assigned the CVE identifier CVE-2023-34063 (CVSS rating: 9.9), with the Broadcom-owned virtualization expert services service provider describing it as a “lacking obtain command” flaw.
Commonwealth Scientific and Industrial Investigation Organization’s (CSIRO) Scientific Computing Platforms team has been credited with identifying and reporting the security vulnerability.
The variations impacted by the vulnerability are presented beneath –
- VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x)
- VMware Cloud Basis (4.x and 5.x)
“The only supported update route just after making use of the patch is to version 8.16,” VMware stated. “If you enhance to an intermediate edition, the vulnerability will be reintroduced, necessitating an additional round of patching.”
Atlassian Discloses Critical Code Execution Bug
The progress also follows Atlassian’s launch of patches for more than two dozen vulnerabilities, together with a critical distant code execution (RCE) flaw impacting Confluence Knowledge Centre and Confluence Server.
The vulnerability, CVE-2023-22527, has been assigned a CVSS rating of 10., indicating utmost severity. It affects variations 8..x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.-8.5.3. It’s worthy of noting that 7.19.x LTS variations are not influenced by the vulnerability.
“A template injection vulnerability on out-of-day versions of Confluence Facts Heart and Server enables an unauthenticated attacker to achieve RCE on an affected variation,” the Australian firm said.
The issue has been addressed in versions 8.5.4, 8.5.5 (Confluence Info Center and Server), 8.6., 8.7.1, and 8.7.2 (Info Center only). People who are on out-of-day circumstances are proposed to update their installations to the most current model offered.
Observed this posting appealing? Abide by us on Twitter and LinkedIn to examine extra unique articles we publish.
Some areas of this short article are sourced from:
thehackernews.com