Thousands of Citrix NetScaler ADC and Gateway servers
exposed online are vulnerable to attacks exploiting a critical remote code
execution (RCE) bug that was previously abused in the wild as a zero-day.
They also noted that the figure is an undercount, because
some revisions that are known to be vulnerable but lack version hashes
have not been flagged and added to the total number of exposed Citrix servers.
The vulnerability, tracked as CVE-2023-3519 (CVSS score:
9.8), is a code injection flaw that could result in unauthenticated remote code
execution. The IT giant warns that exploits for this vulnerability are
available and have been observed in attacks on unmitigated appliances. The
company adds that successful exploitation requires the appliance to be
configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA
virtual server.
The CVE-2023-3519 RCE zero-day was most likely available
online since the first week of July when threat actors started advertising the
Citrix ADC zero-day flaw on hacker forums. BleepingComputer has also learned
that Citrix was aware of the zero-day advertisement and was working on a patch
before making an official disclosure.
CISA also ordered US federal agencies on Wednesday to secure
Citrix servers on their networks from ongoing attacks by August 9, and warned
that the bug has been used to break into the systems of US critical
infrastructure organizations.
"In June 2023, threat actors exploited this vulnerability as
a zero-day to drop a webshell on a critical infrastructure organization's
NetScaler ADC appliance," CISA said in a separate advisory published on
Thursday.