Multiple vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)

Advisory No: TZCERT/SA/2023/08/02

Date of First Release: 2nd August 2023

Source: Citrix

Software Affected: Citrix ADC and Citrix Gateway

Overview:

Citrix has released security patches to address critical vulnerabilities affecting the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities could allow an attacker to execute arbitrary code.

Description:

Multiple vulnerabilities have been discovered in Citrix ADC and Citrix Gateway which may be exploited to allow an attacker to execute arbitrary code on an affected system.

CVE-2023-3519 is a remote code execution (RCE) vulnerability that affects older installations of NetScaler ADC as well as NetScaler Gateway, which is an access gateway that provides VPN and single sign-on (SSO) capabilities for remote end users of network assets.

CVE-2023-3467 is a privilege escalation vulnerability that requires attackers to have unauthenticated access to the NSIP or subnet IP (SNIP) with management interface access, and allows for potential privilege elevation to root administrator access.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution:

Citrix has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
  2. https://attackerkb.com/topics/si09VNJhHh/cve-2023-3519/rapid7-analysis?referrer=notificationEmail
  3. https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/
