Last updated at Thu, 10 Aug 2023 20:40:50 GMT

On Tuesday, July 18, Citrix published a security advisory warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Of the three vulnerabilities, CVE-2023-3519 is the most severe: successful exploitation allows unauthenticated attackers to execute code remotely on vulnerable target systems that are configured as a Gateway.

  • CVE-2023-3466: Reflected XSS vulnerability. Successful exploitation requires the victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NetScaler IP (NSIP)
  • CVE-2023-3467: Allows for privilege escalation to root administrator (nsroot)
  • CVE-2023-3519: Unauthenticated remote code execution. Note that the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR an AAA virtual server

According to the advisory, CVE-2023-3519 has been exploited in the wild.

On July 20, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a detailed advisory on observed attacker activity. The advisory notes that threat actors exploited CVE-2023-3519 as a zero-day "to drop a webshell on a critical infrastructure organization's non-production environment NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim's active directory (AD) and collect and exfiltrate AD data."

This product line is a popular target for attackers of all skill levels, and we expect that exploitation will increase quickly. Rapid7 strongly recommends updating to a fixed version on an emergency basis, without waiting for a typical patch cycle to occur. See Citrix's advisory for more information.

Affected products

According to Citrix, the following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-65.36
  • NetScaler ADC 12.1-NDcPP before 12.1-65.36

The advisory notes that NetScaler ADC and NetScaler Gateway version 12.1 is End Of Life (EOL) and is vulnerable. Citrix recommends that customers who are using an EOL version upgrade their appliances to one of the supported fixed versions below.

All three CVEs are remediated in the following fixed product versions:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-65.36 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-65.36 and later releases of 12.1-NDcPP
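As an added example (not code from Rapid7 or Citrix), the script below turns the affected and fixed build lists above into an inventory triage check. The accepted version-string format, the host names in the sample inventory, and the "not-listed" verdict for release trains the advisory does not name are assumptions.

```python
"""Triage NetScaler ADC / Gateway build strings against the fixed builds from
Citrix's advisory for CVE-2023-3466, CVE-2023-3467 and CVE-2023-3519.
Added example; the version-string format is an assumption."""
import re

# Minimum fixed build per (release train, variant), as stated in the advisory.
# Any build on the same train/variant below this value is affected.
FIXED_BUILDS = {
    ("13.1", ""):      (49, 13),
    ("13.0", ""):      (91, 13),
    ("13.1", "FIPS"):  (37, 159),
    ("12.1", "FIPS"):  (65, 36),
    ("12.1", "NDcPP"): (65, 36),
}
EOL_TRAINS = {"12.1"}  # plain 12.1 is EOL and vulnerable; no fixed build exists

# Accepts strings such as "13.1-49.13", "12.1-65.36 FIPS" or "13.1-37.159-NDcPP".
_VERSION_RE = re.compile(
    r"^\s*(?P<train>\d+\.\d+)-(?P<build>\d+)\.(?P<rev>\d+)"
    r"(?:[\s_-]*(?P<variant>FIPS|NDcPP))?\s*$",
    re.IGNORECASE,
)
_VARIANTS = {"FIPS": "FIPS", "NDCPP": "NDcPP", "": ""}


def parse_version(text):
    """Return (train, variant, (build, rev)) or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    variant = _VARIANTS[(m.group("variant") or "").upper()]
    return m.group("train"), variant, (int(m.group("build")), int(m.group("rev")))


def assess(text):
    """Classify a build as 'fixed', 'vulnerable', 'eol-vulnerable' or 'not-listed'."""
    train, variant, build = parse_version(text)
    fixed = FIXED_BUILDS.get((train, variant))
    if fixed is None:
        # Plain 12.1 has no fixed build; trains the advisory does not name are
        # reported as not-listed rather than assumed safe (assumption).
        return "eol-vulnerable" if train in EOL_TRAINS and not variant else "not-listed"
    return "fixed" if build >= fixed else "vulnerable"


def triage(inventory):
    """Map each (host, version) pair to a verdict; unparsable entries are flagged."""
    results = {}
    for host, version in inventory:
        try:
            results[host] = assess(version)
        except ValueError:
            results[host] = "unparsable"
    return results
```

Note that the variant matters: a 13.1 FIPS appliance at 13.1-37.159 is fixed, while a non-FIPS 13.1 appliance at the same build number is still affected.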

Mitigation guidance

Patches are available for vulnerable versions of NetScaler ADC and NetScaler Gateway and should be applied on an emergency basis. For more information, see Citrix's advisory.

CISA's advisory has an extensive list of attacker behaviors and artifacts that may aid in threat hunting.

Rapid7 customers

Authenticated vulnerability checks for all three CVEs are available to InsightVM and Nexpose customers as of the July 18, 2023 content update.