A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Multiple vulnerabilities in Citrix ADC and Citrix gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)

Multiple vulnerabilities in Citrix ADC and Citrix gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)

Advisory No: TZCERT/SA/2023/08/02

Date of First Release: 2nd August 2023

Source: Citrix

Software Affected: Citrix ADC and Citrix Gateway

Overview:

Citrix has released security patches to address critical vulnerabilities affecting the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities could allow an attacker to execute arbitrary code.

Description:

Multiple vulnerabilities have been discovered in Citrix ADC and Citrix gateway which may be exploited to allow an attacker to execute arbitrary code to an affected system.

CVE-2023-3519 is a remote code execution (RCE) vulnerability that affects older installations of NetScaler ADC as well as NetScaler Gateway, which is an access gateway that provides VPN and single sign-on (SSO) capabilities for remote end users of network assets.

CVE 2023-3467 is a privilege escalation vulnerability that requires attackers to have unauthenticated access to the NSIP or subnet IP (SNIP) with management interface access, and allows for potential privilege elevation to root administrator access.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

Citrix has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
  2. https://attackerkb.com/topics/si09VNJhHh/cve-2023-3519/rapid7-analysis?referrer=notificationEmail
  3. https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/

Check Also

Critical Authentication Bypass Vulnerability in The GitHub Enterprise Server (CVE-2024-4985)

Advisory No: TZCERT/SA/2024/05/23 Date of First Release: 23rd May 2024 Source: GitHub Software Affected: GitHub …