Researchers at Shadowserver Foundation noted thousands of Citrix Netscaler ADC and Gateway servers are vulnerable to RCE attacks, citing a zero-day bug that’s already under exploitation.
A patch for this bug is already available and Citrix urges users to apply it immediately. Citrix has also patched two other critical bugs in the same update, so it’s essential to apply it. Researchers said there were over 15,000 Netscaler appliances exposed online.
Zero-Day Bug in Citrix Devices
Citrix products are some of the most used appliances in any networking situation, as they’re reliable and resourceful. This makes its products a perfect target for hackers, as they’re abundant and used by critical organisations.
Earlier this week, researchers at Shadowserver Foundation noted a massive campaign targeting thousands of Citrix Netscaler ADC and Gateway servers affected by a zero-day bug tracked as CVE-2023-3519.
Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519. We extended the tagging logic to tag as vulnerable all that return Last Modified headers with a date before July 1, 2023 00:00:00Z. We also improved NetScaler AAA detection coverage. https://t.co/xvHv4r5e8g pic.twitter.com/jd1shpdXjF
— Shadowserver (@Shadowserver) July 21, 2023
This security bug allows unauthenticated attackers to breach vulnerable servers, and there are at least 15,000 of them in the wild, the researchers say. The estimate is an undercount, as some appliances have no version hashes to track but are still deemed vulnerable.
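For teams triaging their own appliances, the Last-Modified cutoff from the Shadowserver post can be applied to header values already collected in an asset inventory. This is an added example, not Shadowserver's code; the hostnames and header values are constructed, and the post does not say which response supplies the header, so that is left to the collector.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cutoff quoted in the Shadowserver post: July 1, 2023 00:00:00Z
CUTOFF = datetime(2023, 7, 1, tzinfo=timezone.utc)


def classify(last_modified):
    """Classify one Last-Modified header value against the cutoff."""
    if not last_modified:
        return "unknown"  # header missing: cannot be judged by this heuristic
    try:
        stamp = parsedate_to_datetime(last_modified.strip())
    except (TypeError, ValueError):
        return "unknown"  # malformed date string
    if stamp.tzinfo is None:
        stamp = stamp.replace(tzinfo=timezone.utc)  # treat naive dates as UTC
    # A date on or after the cutoff is not proof of patching; it only means
    # this heuristic does not tag the host.
    return "likely-unpatched" if stamp < CUTOFF else "on-or-after-cutoff"


def triage(inventory):
    """Group hosts (host -> header value) by verdict, hosts sorted by name."""
    report = {"likely-unpatched": [], "on-or-after-cutoff": [], "unknown": []}
    for host, header in sorted(inventory.items()):
        report[classify(header)].append(host)
    return report


# Constructed sample inventory (hypothetical internal hostnames).
SAMPLE = {
    "adc-01.example.internal": "Tue, 18 Jul 2023 09:12:44 GMT",
    "adc-02.example.internal": "Fri, 30 Jun 2023 23:59:59 GMT",
    "gw-01.example.internal": "Sat, 01 Jul 2023 00:00:00 GMT",
    "gw-02.example.internal": None,
    "gw-03.example.internal": "not a date",
}

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE).items():
        print(f"{verdict}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group still need a direct version check, since the heuristic says nothing about them.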
Citrix noted that these systems are exposed to Remote Code Execution attacks and said it has even observed “exploits of CVE-2023-3519 on unmitigated appliances” in the wild. A patch has already been made available, and Citrix urges customers to install it as soon as possible.
The patch also includes fixes for two other high-severity vulnerabilities tracked as CVE-2023-3466 (cross-site scripting) and CVE-2023-3467 (privilege escalation). Thus, it’s strongly advised to apply the patch update immediately.
The flaw is so severe that CISA notified the U.S. federal agencies, ordering them to patch their Citrix servers by August 9th to secure them against the ongoing attacks. The agency also noted that the flaw was already exploited against a U.S. critical infrastructure organisation.