Citrix Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and cross-site scripting on the targeted system.
According to Citrix, exploits of CVE-2023-3519 on unmitigated appliances have been observed.
- Remote Code Execution
- Elevation of Privilege
- Cross-Site Scripting
System / Technologies affected
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-55.297
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
Before installation of the software, please visit the software vendor web-site for more details.
- The vendor has issued a fix:
NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP