Citrix is alerting end users of a critical security flaw in NetScaler Application Shipping and delivery Controller (ADC) and Gateway that it explained is getting actively exploited in the wild.
Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could end result in unauthenticated remote code execution. It impacts the subsequent variations –
- NetScaler ADC and NetScaler Gateway 13.1 right before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13. in advance of 13.-91.13
- NetScaler ADC and NetScaler Gateway edition 12.1 (now end-of-everyday living)
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS right before 12.1-55.297, and
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
The company did not give further particulars on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been noticed on “unmitigated appliances.” Having said that, productive exploitation calls for the product to be configured as a Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or authorization and accounting (AAA) virtual server.
Also dealt with along with CVE-2023-3519 are two other bugs –
- CVE-2023-3466 (CVSS score: 8.3) – An inappropriate enter validation vulnerability ensuing in a mirrored cross-web-site scripting (XSS) attack
- CVE-2023-3467 (CVSS score: 8.) – An incorrect privilege administration vulnerability benefits in privilege escalation to the root administrator (nsroot)
Wouter Rijkbost and Jorren Geurts of Resillion have been credited with reporting the bugs. Patches have been made out there to handle the three flaws in the below variations –
- NetScaler ADC and NetScaler Gateway 13.1-49.13 and later on releases
- NetScaler ADC and NetScaler Gateway 13.-91.13 and later on releases of 13.
- NetScaler ADC 13.1-FIPS 13.1-37.159 and later on releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS, and
- NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
Shoppers of NetScaler ADC and NetScaler Gateway variation 12.1 are recommended to improve their appliances to a supported edition to mitigate prospective threats.
Future WEBINARShield From Insider Threats: Grasp SaaS Security Posture Management
Worried about insider threats? We have bought you covered! Join this webinar to check out realistic strategies and the tricks of proactive security with SaaS Security Posture Management.
Be part of Now
The development arrives amid energetic exploitation of security flaws uncovered in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203) and the WooCommerce Payments WordPress plugin (CVE-2023-28121).
Leaving security flaws in WordPress plugins could open up the door to entire compromise, enabling threat actors to repurpose the compromised WordPress web pages for other destructive activities.
Past month, eSentire disclosed an attack campaign dubbed Nitrogen whereby infected WordPress web-sites have been used to host destructive ISO picture data files that, when released, culminate in the deployment of rogue DLL data files capable of calling a distant server to fetch further payloads, together with Python scripts and Cobalt Strike.
Located this report exciting? Follow us on Twitter and LinkedIn to read a lot more unique information we post.
Some pieces of this short article are sourced from: