Citrix Products NetScaler ADC and NetScaler Gateway Zero Day Vulnerability - 20230822004

Overview

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.

What is the threat?

The ACSC has assessed that there is significant exposure to this Citrix NetScaler ADC and NetScaler Gateway vulnerability in Australia and that any future exploitation would have significant impact to Australian systems and networks.

What is the vulnerability?

CVE-2023-3519 - Known to be exploited.

What is vulnerable?

The vulnerability affects customers using NetScaler ADC and NetScaler Gateway.

• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13

• NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13

• NetScaler ADC 13.1-FIPS before 13.1-37.159

• NetScaler ADC 12.1-FIPS before 12.1-55.297

• NetScaler ADC 12.1-NDcPP before 12.1-55.297

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

What has been observed ?

• The ACSC is tracking a vulnerability in Citrix NetScaler ADC and NetScaler Gateway that may be in use on Australian networks.

• Citrix have observed exploits of CVE-2023-3519 on unmitigated appliances.

Recommendation

Due to Known Exploitation The WA SOC strongly recommends any systems exposed to the internet should have observable telemetry for both internet and organisation traffic as per the WA SOC Network Management Guideline to support detection and response activities.

Reference

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467