Two vulnerabilities have been disclosed in NetScaler ADC and NetScaler Gateway, formerly Citrix ADC and Citrix Gateway, affecting six supported release lines.
The first, tracked as CVE-2023-6548, is an authenticated (low-privileged) remote code execution flaw in the appliance's management interface. Exploiting it requires credentials plus network access to the NSIP, CLIP, or a SNIP that has management access enabled.
It carries a medium-severity CVSS score of 5.5 out of 10.
The second, CVE-2023-6549, is a denial-of-service flaw that is reachable only when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server; it carries a high-severity CVSS score of 8.2.
Citrix says both flaws have been exploited in the wild against unmitigated appliances, but it has shared no details of the attacks so far.
The fixed builds are:
NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1.
NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0.
NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS.
NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS.
NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP.

In October 2023, Citrix patched a critical flaw, CVE-2023-4966 (known as Citrix Bleed), that was heavily exploited by threat actors, but according to Tenable researchers, these two new vulnerabilities are unlikely to have as significant an impact.
Still, users should patch as soon as they can and, until they do, keep the appliance's management interface separated from normal network traffic and off the internet, since CVE-2023-6548 requires access to that interface.
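For administrators with a fleet of appliances, the quickest triage is to compare each box's build against the fixed builds above. The following is an added example, not code from the Dark Reading article or from Citrix: it parses the first line of NetScaler's `show ns version` output (assumed format `NetScaler NS13.1: Build 49.15.nc, ...`) and reports whether the build is at or above the fixed build for its branch. It assumes the caller knows whether an appliance runs a FIPS or NDcPP build (the `hardened` flag), because those builds use their own build-number series, and it deliberately covers only the release lines quoted in this article. The sample version strings at the bottom are constructed, not captured from real appliances.

```python
import re
from typing import Optional, Tuple

# Fixed builds for the branches quoted in the article. Keys are
# (release, hardened): hardened=True means a FIPS or NDcPP build, which has
# its own build-number series. 12.1-FIPS and 12.1-NDcPP share one fixed build.
# Branches not quoted in the article (e.g. 14.1) are deliberately absent.
FIXED_BUILDS = {
    ("13.1", False): (51, 15),
    ("13.0", False): (92, 21),
    ("13.1", True): (37, 176),
    ("12.1", True): (55, 302),
}

# Assumed shape of the first line of `show ns version`, e.g.
# "NetScaler NS13.1: Build 49.15.nc, Date: Sep 26 2023, 04:10:36   (64-bit)"
VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")


def parse_version(output: str) -> Tuple[str, Tuple[int, int]]:
    """Return (release, (build_major, build_minor)) from `show ns version` text."""
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError("unrecognised NetScaler version string")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_patched(output: str, hardened: bool = False) -> Optional[bool]:
    """True if the build is at or above the fixed build for its branch,
    False if it is older, None if the branch has no entry in FIXED_BUILDS
    (end-of-life release, or a branch this example does not cover)."""
    release, build = parse_version(output)
    fixed = FIXED_BUILDS.get((release, hardened))
    if fixed is None:
        return None
    # Tuple comparison: (52, 1) > (51, 15), matching "and later releases".
    return build >= fixed


def assess(output: str, hardened: bool = False) -> str:
    """One-line verdict for a single appliance."""
    release, build = parse_version(output)
    verdict = is_patched(output, hardened)
    label = f"{release}{'-FIPS/NDcPP' if hardened else ''} build {build[0]}.{build[1]}"
    if verdict is None:
        return f"{label}: no fixed build known for this branch, check the advisory"
    return f"{label}: {'patched' if verdict else 'VULNERABLE, upgrade'}"


if __name__ == "__main__":
    # Constructed sample outputs (hypothetical appliances), not real captures.
    samples = [
        ("NetScaler NS13.1: Build 49.15.nc, Date: Sep 26 2023, 04:10:36   (64-bit)", False),
        ("NetScaler NS13.1: Build 51.15.nc, Date: Jan 10 2024, 06:00:00   (64-bit)", False),
        ("NetScaler NS13.0: Build 92.18.nc, Date: Jun 7 2023, 11:17:17   (64-bit)", False),
        ("NetScaler NS13.1: Build 37.164.nc, Date: Oct 20 2023, 02:00:00   (64-bit)", True),
        ("NetScaler NS12.1: Build 55.302.nc, Date: Jan 10 2024, 06:00:00   (64-bit)", True),
        ("NetScaler NS12.0: Build 63.13.nc, Date: May 5 2021, 00:00:00   (64-bit)", False),
    ]
    for text, hardened in samples:
        print(assess(text, hardened))
```

Set `hardened=True` for FIPS and NDcPP appliances; a 13.1-FIPS box at build 37.x compared against the mainline 51.15 would otherwise be reported as vulnerable by mistake. A `None` result means the branch is not in the table, which for an end-of-life release is itself a finding.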
Citrix says it is notifying customers and channel partners about the vulnerabilities through a bulletin in the Citrix Knowledge Center on its website, and that customers who need help can contact Citrix technical support.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 18 Jan 2024 22:40:04 +0000