- 18/2024
- High
Citrix has released security updates to address several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, conduct cross-site scripting attacks, perform denial of service attacks, or gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Citrix NetScaler ADC and NetScaler Gateway Denial of Service Vulnerability (CVE-2023-6549):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Citrix NetScaler ADC and NetScaler Gateway Code Execution (CVE-2023- 6548):
- CVSS: 5.5
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
The affected products:
- Citrix NetScaler ADC.
- Citrix NetScaler Gateway.
- Citrix StoreFront.
- Citrix Virtual Apps and Desktops.
It should be highlighted that the vulnerabilities (CVE-2023-6549 and CVE-2023- 6548) affecting Netscaler ADC and NetScaler Gateway appliances are zero-day vulnerabilities which are actively exploited in the wild by many threat actors to deploy their malware.
Vulnerabilities
- CVE-2023-6549
- CVE-2023-6184
- CVE-2023-6548
- CVE-2023-5914
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.