CVE-2023-3519 is a remote code execution (RCE) vulnerability that could allow an unauthenticated threat actor to execute arbitrary code on a vulnerable server. According to Help Net Security, at this time there is no public PoC, but the vulnerability has been observed being exploited in the wild.
Affected Products
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-55.297
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
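The version check implied by the list above, as an added example that is not part of the original advisory or of any vendor tooling. It assumes versions are written in the list's own `13.1-49.13` notation and that the operator supplies the edition; the function names, edition labels and inventory are constructed for illustration. The edition matters because the fixed FIPS build 13.1-37.159 is numerically lower than the standard fixed build 13.1-49.13.

```python
import re

# First fixed build per (release branch, edition), copied from the list above.
# The edition labels "standard", "fips" and "ndcpp" are this example's own.
FIXED = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "fips"): (37, 159),
    ("12.1", "fips"): (55, 297),
    ("12.1", "ndcpp"): (55, 297),
}
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def is_affected(version, edition="standard"):
    """True: below the fixed build. False: at or above it.
    None: branch/edition pair is not in the advisory's list."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    fixed = FIXED.get((m.group(1), edition.strip().lower()))
    if fixed is None:
        return None
    # Compare build numbers as integers: as strings, "9.60" would sort after "49.13".
    return (int(m.group(2)), int(m.group(3))) < fixed


def triage(inventory):
    """Group hosts from (host, version, edition) rows by patch status."""
    groups = {"affected": [], "fixed": [], "unlisted": []}
    labels = {True: "affected", False: "fixed", None: "unlisted"}
    for host, version, edition in inventory:
        groups[labels[is_affected(version, edition)]].append(host)
    return groups


# Constructed inventory (hostnames and builds are made up for the example).
SAMPLE_INVENTORY = [
    ("adc-01.example.test", "13.1-48.47", "standard"),
    ("adc-02.example.test", "13.1-49.13", "standard"),
    ("adc-03.example.test", "13.1-37.159", "FIPS"),
    ("adc-04.example.test", "13.0-9.60", "standard"),
    ("adc-05.example.test", "12.1-55.296", "NDcPP"),
    ("adc-06.example.test", "14.1-4.42", "standard"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A host reported as fixed may still have been compromised before it was patched, so the log review and checklist steps under Recommendations apply to it as well. Hosts reported as unlisted are outside the branches this advisory names and need to be checked against the vendor bulletin.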
Remediation
Patches have been released to address this vulnerability.
Recommendations
- Update or upgrade the affected software components immediately, and keep the infrastructure up to date in general
- Review logs and check system integrity
- Use the checklist (see References) to identify whether your infrastructure already shows indications of a successful compromise
Notifications
CIRCL (Computer Incident Response Center Luxembourg) sends notifications to ISPs and known contact points when publicly exposed vulnerable devices are discovered. If you would like to directly share your IP resources for notifying the appropriate contact point, please reach out to us.
References
- Vendor information: Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
- CVE information: CVE-2023-3519
- Info about the vulnerability: Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)
- Checklist and IoCs: Checklist for NetScaler (Citrix ADC) CVE-2023-3519
- DFIR Citrix NetScaler Triage: “this script is meant to run on acquired disk images of Citrix NetScaler device”
Classification of this document
TLP:CLEAR information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 - TLP:CLEAR - First version - 21st July 2023