Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

-

 

 


 

On July 19, 2023, Citrix issued a warning about a critical security vulnerability affecting its NetScaler Application Delivery Controller (ADC) and Gateway products. The vulnerability, known as CVE-2023-3519 (with a CVSS score of 9.8), involves a code injection issue that is actively being exploited in the wild.

The flaw allows for unauthenticated remote code execution, posing a significant risk to affected systems. The impacted versions include:

  1. NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  2. NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  3. NetScaler ADC and NetScaler Gateway version 12.1 (which is currently end-of-life)
  4. NetScaler ADC 13.1-FIPS before 13.1-37.159
  5. NetScaler ADC 12.1-FIPS before 12.1-55.297
  6. NetScaler ADC 12.1-NDcPP before 12.1-55.297

Citrix has not provided extensive details about the specific nature of the vulnerability associated with CVE-2023-3519. However, they have confirmed that exploits for this flaw have been detected on devices that have not implemented any mitigations.

To successfully exploit this vulnerability, the affected device must be configured as either a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an authorization and accounting (AAA) virtual server.

Given the severity of this vulnerability and the active exploitation, Citrix users should take immediate action to update their affected NetScaler ADC and Gateway versions to the latest available patches or apply any mitigations recommended by the vendor. Failure to do so could leave their systems exposed to potential remote code execution and unauthorized access.

Accompanying the CVE-2023-3519 vulnerability, two other bugs have also been addressed:

  1. CVE-2023-3466 (CVSS score: 8.3) - This flaw involves improper input validation, leading to a reflected cross-site scripting (XSS) attack.
  2. CVE-2023-3467 (CVSS score: 8.0) - This vulnerability pertains to improper privilege management, resulting in privilege escalation to the root administrator (nsroot).

These bugs were reported by Wouter Rijkbost and Jorren Geurts of Resillion. Citrix has released patches to rectify the three vulnerabilities in the following versions of their products:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and subsequent releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of version 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of the FIPS version 13.1
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of the FIPS version 12.1
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of the NDcPP version 12.1

For users running NetScaler ADC and NetScaler Gateway version 12.1, it is advised to upgrade to a supported version to minimize potential threats.

This update on Citrix's security vulnerabilities coincides with the active exploitation of security flaws in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203) and the WooCommerce Payments WordPress plugin (CVE-2023-28121).

Leaving security flaws unaddressed in WordPress plugins could expose websites to complete compromise, enabling malicious actors to repurpose the compromised sites for further malicious activities. In a recent attack campaign called Nitrogen, eSentire disclosed that infected WordPress sites were utilized to host malicious ISO image files. When launched, these files led to the deployment of rogue DLL files capable of connecting to a remote server to fetch additional payloads, including Python scripts and Cobalt Strike.

 

Comments

Post a Comment

Popular posts from this blog

How to Repair Kali Linux grub after installing Windows in Dual boot System

-
Image
If your System has primary OS Windows then you install your secondary OS Kali Linux. That will be OK, Kali Linux puts boot entry of Windows automatically for you. At initial boot menu you can see both OS entry to boot. If your windows is corrupt in dual boot system or if you want to install windows as secondary OS after installing Kali Linux as primary OS. You may face corrupt boot-loader menu. You wont be able to boot Kali Linux any more because Windows wont put entry of Kali Linux automatically in their boot menu. So this post motive is to help those guys which are facing those problems subjecting to corrupt Boot-loader. There are mainly two methods: 1. Repair Grub via Kali Linux live USB. 2. Repair Grub Via Boot-rapair-disk. Method 1# Repair Grub via Kali Linux live USB It is up to you which you want to choose but if you are Linux familiar then go for this method. Requirements 1. A Kali Linux ISO image. You can download here: Download Kali Linux
Read more

PDFCrack - Password Cracking Tool for PDF-files

-
Image
PDFcrack is a GNU/Linux tool for cracking password protected PDF files. It is a very small command line application. It is not preinstalled in kali linux. We can install through command line. For installing pdfcrack open a terminal and enter apt install pdfcrack Syntax and options Usage: pdfcrack -f filename [OPTIONS]           : pdfcrack -f filenmae -w passwordfile.txt OPTIONS : -b, --bench perform benchmark and exit -c, --charset=STRING Use the characters in STRING as charset -w, --wordlist=FILE Use FILE as source of passwords to try -n, --minpw=INTEGER Skip trying passwords shorter than this -m, --maxpw=INTEGER Stop when reaching this passwordlength -l, --loadState=FILE Continue from the state saved in FILENAME -o, --owner Work with the ownerpassword -u, --user Work with the userpassword (default) -p, --password=STRING Give userpassword to speed up breaking ownerpassword (implies -o) -q, --quiet Run quietly -s,
Read more

Avet – Open Source Anti-Virus Evasion Tool

-
Image
When we want to perform an exploitation to a windows target, we need a payload that is undetectable to Antivirus Solutions. Msfvenom on its own is not enough. So we need an AV evasion tool to make this easy for us. Avet is a tool for building exe files with shellcode payloads for antivirus evasion. Installing Avet First clone the repository to our machine. git clone https://github.com/govolution/avet.git   After that go inside the folder and run the setup file to install wine and other missing components. cd avet/       Run the setup file to install the missing components.   ./setup.sh     Select create  for new installation   Running Avet There are two ways to run avet. Run avet by typing the command below. python avet_fabric.py   There are two ways to run avet. Either by compiling the make_avet script as shown below, or by  running the avet_fabric.py script, as shown. gcc -0 make_avet make_avet.c
Read more