Published: January 19, 2024

Overview

Two vulnerabilities, CVE-2023-6548 and CVE-2023-6549, have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), advanced networking solutions for optimizing application delivery and enabling secure remote access. These vulnerabilities are currently being exploited in the wild.

Impact

CVE-2023-6548 (CVSS 5.5) allows an attacker with a low-privilege account to potentially execute remote code on NetScaler ADC and NetScaler Gateway appliances. The vulnerability can be exploited only if the NetScaler ADC or NetScaler Gateway management IP is reachable from the public internet.

CVE-2023-6549 (CVSS 8.2) could result in a denial of service if the appliance is configured as a gateway, such as a VPN virtual server.

Only customer-managed NetScaler appliances are affected; NetScaler-managed cloud services are not affected.

Applicable Versions

Affected Versions                                           | Not Affected Versions
------------------------------------------------------------|---------------------------------------------------------------------------
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35  | NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15  | NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21  | NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.176                  | NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.302                  | NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.302                 | NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
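As an added example (not from this advisory, Citrix, or Netsurion), the following Python checker encodes the table above and reports whether a given build string predates the first fixed build of its release train; the "NS13.1: Build 51.15.nc" input form is assumed to match what NetScaler's "show version" command prints.

```python
import re
from typing import Optional

# First fixed build per release train, copied from the advisory table above.
# Key: (release train, variant); value: (build, build-minor) of the fix.
FIXED_BUILDS = {
    ("14.1", ""):      (12, 35),
    ("13.1", ""):      (51, 15),
    ("13.0", ""):      (92, 21),
    ("13.1", "FIPS"):  (37, 176),
    ("12.1", "FIPS"):  (55, 302),
    ("12.1", "NDcPP"): (55, 302),
}

# Accepts "14.1-12.35", "13.1-37.176-FIPS" and the "NS13.1: Build 51.15.nc"
# form printed by "show version" (assumed format, not taken from the advisory).
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?::\s*Build\s+|[ -])(\d+)\.(\d+)")
_VARIANT_RE = re.compile(r"\b(FIPS|NDcPP)\b", re.IGNORECASE)


def parse_version(text: str) -> Optional[tuple]:
    """Return (train, (build, minor), variant) or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    train, build, minor = m.group(1), int(m.group(2)), int(m.group(3))
    v = _VARIANT_RE.search(text)
    variant = {"FIPS": "FIPS", "NDCPP": "NDcPP"}[v.group(1).upper()] if v else ""
    return train, (build, minor), variant


def is_affected(text: str) -> Optional[bool]:
    """True if the build predates the fix for its train, False if it is fixed,
    None if the string is unparseable or the train/variant is not in the table."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    train, build, variant = parsed
    fixed = FIXED_BUILDS.get((train, variant))
    if fixed is None:
        return None
    return build < fixed


if __name__ == "__main__":
    # Constructed sample strings, one per input form the parser accepts.
    for sample in ("14.1-12.34", "NetScaler NS13.1: Build 51.15.nc", "13.1-37.175-FIPS"):
        print(sample, "->", is_affected(sample))
```

A None result means the release train is not covered by the advisory's table, not that the build is safe.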

Mitigations and Workarounds

It is advised to install the recommended builds available in the advisory from Citrix:

https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

Best Practices

CVE-2023-6548 affects only the management interface. It is not recommended to expose the management interface to the internet.

Netsurion Detection and Response

Netsurion researchers are continuously monitoring exploitation of these vulnerabilities. Netsurion's vulnerability management system will detect CVE-2023-6548 and CVE-2023-6549 for customers who have subscribed to Netsurion Vulnerability Management.

References:

  1. https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
  2. https://www.netscaler.com/blog/news/high-severity-updates-are-available-for-netscaler-adc-and-netscaler-gateway/
  3. https://nvd.nist.gov/vuln/detail/CVE-2023-6549
  4. https://nvd.nist.gov/vuln/detail/CVE-2023-6548