Skip to main content

Citrix Products Multiple Vulnerabilities

Release Date: 19 Jul 2023 5951 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and cross-site scripting on the targeted system.

 

Note:

According to Citrix, exploits of CVE-2023-3519 on unmitigated appliances have been observed.


Impact

  • Remote Code Execution
  • Elevation of Privilege
  • Cross-Site Scripting

System / Technologies affected

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.


Solutions

Before installation of the software, please visit the software vendor web-site for more details.

 

  • The vendor has issued a fix:
    NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
    NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
    NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS 
    NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
    NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

For details: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467


Vulnerability Identifier


Source


Related Link