Citrix ADC Code Injection Vulnerability

CVE ID

CVE-2023-3519

Exploit Rating

yes

Risk Rating\CVSS

9.8 – Zero-day

Associated Threat actor \Malware/campaign

Under Attack by multiple adversaries

User Interaction

No

Affected Products

• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
• NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
• NetScaler ADC 13.1-FIPS before 13.1-37.159
• NetScaler ADC 12.1-FIPS before 12.1-55.297
• NetScaler ADC 12.1-NDcPP before 12.1-55.297
• NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable

Summary

A code injection vulnerability exists within Citrix ADC prior to 13.1-49.13 that, when exploited, allows an attacker to remotely execute arbitrary code. to be vulnerable, appliances have to be configured “as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy); or as an AAA virtual server.

Analysis

The vulnerability considered high-risk because of the possibility of remote code execution without any known offsets.

Patch/Mitigation

Citrix urges affected customers to install the updated versions as soon as possible.