Skip to main content
close search
site logo
Dive Brief

Citrix warns of limited exploitation in a pair of Netscaler zero days

The company said the vulnerabilities are unrelated to CitrixBleed, but urged customers to immediately apply fixes to protect their systems.

Published Jan. 18, 2024
David Jones's headshot
Reporter
Exterior of Citrix office complex.
A sign is posted on the exterior of a Citrix office complex on January 31, 2022 in Santa Clara, California. Justin Sullivan/Getty Images via Getty Images

Dive Brief:

  • Citrix is warning that two zero-day vulnerabilities in customer-managed Netscaler Application Delivery Controller and Netscaler Gateway devices are under active exploit in a limited number of cases
  • The vulnerabilities are tracked as CVE-2023-6548, which could lead to remote-code execution, and CVE-2023-6549, which could lead to a denial of service attack. The vulnerabilities come more than three months after the initial patch was released for CitrixBleed, but the new zero days are unrelated to that vulnerability, which is tracked as CVE-2023-4966.
  • The RCE vulnerability, which has a CVSS score of 5.5, was reported by a customer, while the denial of service vulnerability has a CVSS score of 8.2, and was discovered internally and later reported by a customer.

Dive Insight:

The new zero days mark another headache for Citrix, which is still navigating the fallout from the CitrixBleed vulnerability. Already, it has seen widespread exploitation of companies across the U.S. and overseas. 

CitrixBleed ensnared major organizationsfrom Boeing to Comcast’s Xfinity broadband entertainment unit and the Industrial and Commercial Bank of China, as criminal ransomware groups and state-linked actors leveraged it to launch malicious attacks.

Citrix said the new vulnerabilities are not related to CitrixBleed and researchers consider the newly disclosed zero days to be far less severe. The company however is urging customers to take immediate action. 

“Successful exploitation could lead to remote-code execution in the management console or denial of service,” Citrix officials said in a statement. “Netscaler recommends customers apply the fixes quickly before the exploitation becomes widespread.”

The Cybersecurity and Infrastructure Security Agency added the two vulnerabilities to its Known Exploited Vulnerabilities catalog. 

No proof of concept has been identified, but researchers at Tenable warn such a development could happen soon and lead to a rapid acceleration of threat activity. 

The researchers also warned that an attacker could easily exploit the RCE vulnerability with low-level privileges if they can access NetScaler IP, Subnet IP or cluster management IP with access to the appliance’s management interface. Citrix notes the management interface should not be exposed to the public internet, and instead kept on a private network.

An attacker can exploit the DoS vulnerability when a vulnerable appliance has been configured as a gateway or an AAA virtual server.

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell