Citrix published a Security Bulletin on 19th July 2023 in which it disclosed three new vulnerabilities in Citrix ADC and Gateway products. The three, tracked under the identifiers CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467, are rated Critical and High in severity with CVSS scores of 9.8, 8.3, and 8 respectively. Exploitation of these vulnerabilities would allow adversaries to perform Code Injection, Remote Code Execution, Privilege Escalation to root, and Reflected Cross-Site Scripting attacks on vulnerable versions of NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Organizations that use NetScaler/Citrix ADC and Gateway products are strongly advised to patch all of these vulnerabilities. Without further ado, let's see how to fix CVE-2023-3519 (Unauthenticated Remote Code Execution Vulnerability in Citrix Products) along with the other two vulnerabilities in this post.
A Short Note About Citrix ADC and Gateway Products
Citrix ADC (Application Delivery Controller) and Gateway are integral components of the Citrix networking portfolio, designed to streamline and enhance network performance, security, and manageability.
Citrix ADC is an industry-leading application delivery and load-balancing solution that enables IT departments to deliver applications securely and at high speed. It offers multiple capabilities such as load balancing, content switching, SSL offloading, application firewall, optimization, and connection multiplexing, to name a few. Citrix ADC is available in different form factors including hardware, virtual, and cloud-based instances to cater to diverse organizational needs. It supports a wide range of protocols and provides SSL VPN access to applications, making it a one-stop solution for application delivery.
On the other hand, Citrix Gateway is a robust networking solution designed to provide secure, remote access to applications and desktops. It provides a secure SSL VPN connection between users and applications, enabling organizations to control access on a granular level. Citrix Gateway works in tandem with Citrix Virtual Apps and Desktops, ensuring that remote and mobile workers have secure access to their enterprise resources. It offers advanced features like single sign-on, multi-factor authentication, and session policies which enhance the security and usability of the system.
Summary of CVE-2023-3519 With Other Two Vulnerabilities
As per the advisory released by Citrix, there are three vulnerabilities identified in Citrix ADC and Gateway products. Of the three, one is critical and the remaining two are high in severity. They are tracked under the identifiers CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467, with CVSS scores of 9.8, 8.3, and 8.0 out of 10, respectively.

| CVE ID | Description | CVSS Score | Severity |
|---|---|---|---|
| CVE-2023-3519 | Unauthenticated remote code execution | 9.8 | Critical |
| CVE-2023-3466 | Reflected Cross-Site Scripting (XSS) | 8.3 | High |
| CVE-2023-3467 | Privilege Escalation to root administrator (nsroot) | 8.0 | High |
CVE-2023-3519 is a critical severity unauthenticated remote code execution vulnerability in Citrix ADC and Citrix Gateway products. This flaw can be exploited only if the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CVE-2023-3466 is a High severity Reflected Cross-Site Scripting (XSS) vulnerability in Citrix ADC and Citrix Gateway products. The flaw is due to Improper Control of the Generation of Code ('Code Injection'). Exploitation requires tricking a victim into clicking an attacker-controlled malicious link while the victim is on a network with connectivity to the NSIP.
CVE-2023-3467 is a High severity Privilege Escalation to root administrator (nsroot) vulnerability in Citrix ADC and Citrix Gateway products. The flaw is due to Improper Privilege Management. Prior authentication is required to exploit this vulnerability.
Citrix Products Affected by These Vulnerabilities
According to Wouter Rijkbost and Jorren Geurts, security researchers at Resillion, the following products are vulnerable to these flaws:
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-55.297
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
How to Fix CVE-2023-3519 - An Unauthenticated Remote Code Execution Vulnerability in Citrix Products?
Citrix has responded to these vulnerabilities by releasing patches. We recommend installing the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible. Please download the latest versions of Citrix ADC and Citrix Gateway to apply the patches.
Patched versions of Citrix ADC and Gateway Products are:
- NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
- NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.
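To triage a fleet against the patched-versions list above and the Gateway/AAA precondition for CVE-2023-3519, the following added example (not Citrix's code and not part of the original post) classifies an appliance from its version banner and a copy of its ns.conf. The banner format, the ns.conf command patterns, the `edition` argument (supplied by the operator) and the sample data are assumptions constructed for illustration.

```python
import re

# First fixed build per (release, edition), copied from the list above.
FIXED = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}

# Assumed banner shape: "NetScaler NS13.1: Build 48.47.nc, Date: ..."
BANNER = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")

# Assumption: Gateway and AAA virtual servers show up in ns.conf as
# "add vpn vserver ..." / "add authentication vserver ..." lines.
GATEWAY_OR_AAA = re.compile(r"^\s*add\s+(?:vpn|authentication)\s+vserver\b",
                            re.IGNORECASE | re.MULTILINE)

# Constructed sample config (documentation-range addresses).
SAMPLE_CONF = """\
add lb vserver web_vs HTTP 203.0.113.20 80
add vpn vserver gw_vs SSL 203.0.113.10 443
"""


def assess(banner, edition="standard", ns_conf=""):
    """Classify one appliance against the fixed builds listed on this page."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed"
    release = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    if (release, edition) == ("12.1", "standard"):
        return "eol-upgrade"      # EOL: move to a supported, fixed release
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "not-listed"       # release/edition not covered by this page
    if build >= fixed:            # tuple compare: 48.47 < 49.13 <= 49.13
        return "patched"
    # Below the fixed build. The CVE-2023-3519 precondition also holds
    # when a Gateway or AAA virtual server is configured.
    if GATEWAY_OR_AAA.search(ns_conf):
        return "vulnerable-gateway-or-aaa"
    return "vulnerable"


if __name__ == "__main__":
    print(assess("NetScaler NS13.1: Build 48.47.nc", ns_conf=SAMPLE_CONF))
```

An appliance reported as "vulnerable" still needs the update for CVE-2023-3466 and CVE-2023-3467; the "vulnerable-gateway-or-aaa" result only marks the ones to patch first.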
How To Upgrade Citrix ADC?
There are different ways to upgrade the Citrix ADC appliance. Please take a look at those here:
How To Upgrade Citrix Gateway?
There are different ways to upgrade the Citrix Gateway appliance. Please take a look at those here: