
Citrix Patches Critical NetScaler ADC, Gateway Vulnerability
The vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC and NetScaler Gateway is potentially high-risk: it could allow unauthenticated, remote malicious actors to execute arbitrary code on a system. Affected versions include all supported NetScaler ADC and NetScaler Gateway versions prior to 10.5, 11.1, 12.0, 12.1, and 13.0. Citrix has released NetScaler ADC and NetScaler Gateway versions that mitigate the vulnerability, and customers are strongly recommended to upgrade to the latest available versions. The vulnerability mainly affects customer-managed NetScaler ADC and Gateway products.
Additional High Severity Vulnerability and Citrix Hypervisor Vulnerabilities
An additional high-severity denial-of-service (DoS) flaw, CVE-2023-4967, has also been disclosed. Citrix has further announced patches for five vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR. If exploited, these vulnerabilities could potentially allow attackers to escalate privileges, execute arbitrary commands, or disclose information. The potentially impacted systems and the hotfix instructions are detailed on the Citrix support site.
No Known Exploitations But Potential Threat
Citrix has clarified that there have been no known exploitations of these vulnerabilities to date. However, publicly disclosed NetScaler ADC and Gateway vulnerabilities have been targeted by cybercriminals in the past, so timely patching is important. In response to the vulnerabilities, the US cybersecurity agency CISA has also issued a warning and recommended that system administrators take timely action to safeguard their systems.
Other Related Content
Recent reports have also described exploitation of a Citrix ShareFile vulnerability. Further, high-severity vulnerabilities have been discovered in other Windows and Linux apps. The US Government is offering guidance on security measures for open source software in OT and ICS, reminding IT professionals to stay up to date on security concerns and defenses in a constantly evolving technology landscape.



