Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway
On July 19, 2023, Citrix issued a warning about a critical security vulnerability affecting its NetScaler Application Delivery Controller (ADC) and Gateway products. The vulnerability, known as CVE-2023-3519 (with a CVSS score of 9.8), involves a code injection issue that is actively being exploited in the wild. The flaw allows for unauthenticated remote code execution, posing a significant risk to affected systems. The impacted versions include: NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 NetScaler ADC and NetScaler Gateway version 12.1 (which is currently end-of-life) NetScaler ADC 13.1-FIPS before 13.1-37.159 NetScaler ADC 12.1-FIPS before 12.1-55.297 NetScaler ADC 12.1-NDcPP before 12.1-55.297 Citrix has not provided extensive details about the specific nature of the vulnerability associated with CVE-2023-3519. However, they have confirmed that exploits for this flaw have been detected on devices that h