Citrix Products Multiple Vulnerabilities

Last Update Date: 18 Jan 2024 Release Date: 17 Jan 2024

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial-of-service condition and remote code execution on the targeted system.

 

Note:
CVE-2023-6548 and CVE-2023-6549 are being exploited in the wild.

Exploiting CVE-2023-6548 requires authenticated (low-privileged) access and access to the NSIP, CLIP or SNIP with management interface access.

Exploiting CVE-2023-6549 requires the affected appliance to be configured as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server.

Hence, the risk level is rated as High.

 

[Updated on 2024-01-18] 

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.


Impact

  • Remote Code Execution
  • Denial of Service

System / Technologies affected

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
  • NetScaler ADC 13.1-FIPS before 13.1-37.176
  • NetScaler ADC 12.1-FIPS before 12.1-55.302
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302
  • Citrix Virtual Apps and Desktops before 2311
  • Citrix Virtual Apps and Desktops 1912 LTSR before CU8 hotfix 19.12.8100.4
  • Citrix Virtual Apps and Desktops 2203 LTSR before CU4

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
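The following is an added example, not part of the original advisory or any vendor tooling: a small inventory check that classifies NetScaler builds against the fixed versions listed above. The `NS13.1: Build 49.15.nc` banner format, the edition labels and the sample hostnames are assumptions; Citrix Virtual Apps and Desktops is not covered.

```python
import re

# First fixed build per (release train, edition), copied from the advisory's list.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}
# The advisory states plain 12.1 is End Of Life and vulnerable: no fixed build exists.
EOL = {("12.1", "standard")}

# Accepts "13.1-49.15" or a banner such as "NS13.1: Build 49.15.nc" (assumed format).
BUILD_RE = re.compile(r"(\d+\.\d+)(?:-|: Build )(\d+)\.(\d+)")


def assess(build, edition="standard"):
    """Classify one build as 'fixed', 'vulnerable', 'vulnerable-eol' or 'unknown'."""
    m = BUILD_RE.search(build)
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    key = (m.group(1), edition.lower())
    if key in EOL:
        return "vulnerable-eol"
    if key not in FIXED:
        return "unknown"  # train/edition not listed in the advisory
    # Compare numerically: as strings, "8.50" would sort after "12.35".
    found = (int(m.group(2)), int(m.group(3)))
    return "fixed" if found >= FIXED[key] else "vulnerable"


def triage(inventory):
    """Return {host: status} for every appliance that is not confirmed fixed."""
    results = {host: assess(build, edition) for host, build, edition in inventory}
    return {host: status for host, status in results.items() if status != "fixed"}


# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE = [
    ("adc-edge-01", "NetScaler NS13.1: Build 49.15.nc", "standard"),
    ("adc-edge-02", "14.1-12.35", "standard"),
    ("adc-fips-01", "13.1-37.176", "fips"),
    ("adc-old-01", "12.1-65.35", "standard"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

The edition must be supplied correctly: a 13.1-FIPS appliance on 13.1-37.176 is fixed, but the same build number checked against the standard 13.1 train would be flagged as vulnerable.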


Solutions

Before installing the software, please visit the software vendor's website for more details.

 

  • The vendor has issued a fix:
    NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
    NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
    NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
    NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
    NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
    NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
  • Citrix Virtual Apps and Desktops 2311 and later

For details: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

 


Vulnerability Identifier


Source


Related Link