Citrix Products Multiple Vulnerabilities

Last Update Date: 18 Jan 2024 Release Date: 17 Jan 2024 3445 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.

 

Note:
CVE-2023-6548 and CVE-2023-6549 is being exploited in the wild.

For CVE-2023-6548, need authenticated (low privileged) and need access to NSIP, CLIP or SNIP with management interface access.

For CVE-2023-6549, the affected appliance is needed to configure as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server.

Hence, the risk level is rated as High.

 

[Updated on 2024-01-18] 

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

Impact

  • Remote Code Execution
  • Denial of Service

System / Technologies affected

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
  • NetScaler ADC 13.1-FIPS before 13.1-37.176
  • NetScaler ADC 12.1-FIPS before 12.1-55.302
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302
  • Citrix Virtual Apps and Desktops before 2311
  • Citrix Virtual Apps and Desktops 1912 LTSR before CU8 hotfix 19.12.8100.4
  • Citrix Virtual Apps and Desktops 2203 LTSR before CU4

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

 

  • The vendor has issued a fix:
    NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
    NetScaler ADC and NetScaler Gateway 13.1-51.15  and later releases of 13.1
    NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0  
    NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS  
    NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS  
    NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP 
  • Citrix Virtual Apps and Desktops 2311 and later

For details: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549

 

Vulnerability Identifier

Source

Related Link

Related Tags

CitrixRemote Code ExecutionDenial of ServiceExploit In The Wild

Share with

Previous

Google Chrome Multiple Vulnerabilities

17 Jan 2024 4331 Views

Next

Microsoft Edge Multiple Vulnerabilities

18 Jan 2024 4185 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY