On January 16, 2024, Cloud Software Group released builds to fix CVE-2023-6548 and CVE-2023-6549, which affect NetScaler ADC and NetScaler Gateway.
You can find more details in the security bulletin.
These issues only apply to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not impacted.
We are aware of a limited number of exploits of each vulnerability in the wild. The vulnerabilities carry CVSSv3 scores of 5.5 and 8.2, respectively. We recommend immediate application of fixes — especially under certain circumstances as outlined below.
CVE-2023-6548
Successful exploitation of this issue could lead to remote code execution (RCE) through the management interface.
If you are using affected builds and have NetScaler ADC or the NetScaler Gateway management IP on the public internet, we strongly recommend that you immediately install the recommended builds. Please note that our standard configuration guidance is that you should not expose the management interface to the public internet. Rather, you should keep the NetScaler management IP on a private network.
Specifically, we recommend removing NetScaler management IP from public internet access and restricting access to NetScaler-IP, cluster-IP, and subnet-IP with management interface access from known internal host systems only. This is also a recommended best practice in the NetScaler secure configuration and deployment guide.
We discovered this vulnerability as a result of a customer report.
CVE-2023-6549
Successful exploitation of this issue could lead to a denial of service attack.
If you are using affected builds and have configured NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, or RDP proxy) or as an AAA virtual server, we recommend that you immediately install the recommended builds because this vulnerability has been identified as high severity.
NetScaler ADC and NetScaler Gateway appliances that are not configured as a gateway (VPN virtual server, ICA proxy, CVPN, or RDP proxy) or as an AAA virtual server (traditional load balancing configurations, for example) and NetScaler Console (formerly called NetScaler Application Delivery Management) are not affected by CVE-2023-6549.
There are no mitigations or workarounds available for CVE-2023-6549.
We discovered this vulnerability internally, and a customer subsequently reported an exploit.
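The two exposure conditions above (a management-accessible IP reachable from outside the internal network for CVE-2023-6548, and a VPN/gateway or AAA virtual server configured for CVE-2023-6549) can be checked quickly against a saved `ns.conf`. The script below is an added example written for this page, not a NetScaler or Cloud Software Group tool. It assumes the `set ns config -IPAddress`, `add ns ip ... -mgmtAccess`, `add vpn vserver` and `add authentication vserver` command forms, treats RFC 1918, loopback and link-local ranges as "known internal", and runs against a constructed configuration excerpt in which RFC 5737 documentation addresses stand in for public ones.

```python
import ipaddress
import shlex

# Constructed ns.conf excerpt for demonstration only (not taken from the advisory).
# Command syntax follows the NetScaler CLI conventions assumed in the lead-in.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 203.0.113.10 -netmask 255.255.255.0
add ns ip 10.20.0.5 255.255.255.0 -type SNIP -mgmtAccess ENABLED
add ns ip 198.51.100.7 255.255.255.0 -type SNIP -mgmtAccess ENABLED
add ns ip 10.20.0.9 255.255.255.0 -type VIP
add vpn vserver gw_prod SSL 198.51.100.20 443
add authentication vserver aaa_prod SSL 10.20.0.30 443
add lb vserver lb_web SSL 198.51.100.40 443
"""

# Assumption: these ranges are the "known internal" networks. Anything else is
# treated as potentially reachable from the public internet. (Checked explicitly
# rather than via ip.is_private, which also covers the documentation ranges.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(addr: str) -> bool:
    """True when the address falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Split one ns.conf command into (positional tokens, {option_name_lower: value})."""
    tokens = shlex.split(line)
    positional, options = [], {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and i + 1 < len(tokens):
            options[tok[1:].lower()] = tokens[i + 1]
            i += 2
        else:
            positional.append(tok)
            i += 1
    return positional, options


def commands(conf: str):
    """Yield parsed commands, skipping blank and comment lines."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield parse_line(line)


def management_ips(conf: str):
    """Every IP that carries management access: the NSIP plus SNIPs with -mgmtAccess ENABLED."""
    found = []
    for pos, opts in commands(conf):
        if pos[:3] == ["set", "ns", "config"] and "ipaddress" in opts:
            ip = opts["ipaddress"]
            found.append({"ip": ip, "role": "NSIP", "internal": is_internal(ip)})
        elif (pos[:3] == ["add", "ns", "ip"] and len(pos) > 3
              and opts.get("mgmtaccess", "DISABLED").upper() == "ENABLED"):
            ip = pos[3]
            role = opts.get("type", "SNIP").upper()
            found.append({"ip": ip, "role": role, "internal": is_internal(ip)})
    return found


def gateway_or_aaa_vservers(conf: str):
    """(kind, name) for VPN (gateway) and AAA virtual servers, the roles CVE-2023-6549 concerns."""
    wanted = (["add", "vpn", "vserver"], ["add", "authentication", "vserver"])
    return [(pos[1], pos[3]) for pos, _ in commands(conf)
            if pos[:3] in wanted and len(pos) > 3]


def audit(conf: str):
    """Summarise the two conditions the advisory calls out for the two CVEs."""
    mgmt = management_ips(conf)
    return {
        "management_ips": mgmt,
        # CVE-2023-6548 guidance: management IPs should not be on the public internet
        "exposed_management_ips": [m["ip"] for m in mgmt if not m["internal"]],
        # CVE-2023-6549 applies when a gateway or AAA vserver is configured
        "gateway_or_aaa_vservers": gateway_or_aaa_vservers(conf),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_NS_CONF)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against a real `ns.conf` by reading the file into `audit()`; a non-empty `exposed_management_ips` list means the CVE-2023-6548 guidance to move management access onto a private network applies, and a non-empty `gateway_or_aaa_vservers` list means the appliance is in scope for CVE-2023-6549 and should be updated rather than left waiting for a workaround that does not exist. Plain load-balancing vservers (the `add lb vserver` line in the sample) are deliberately not reported.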
In both this communication and the related security bulletin, please understand that we are sharing only select technical details. We recognize that this can be challenging for NetScaler customers, but we are very careful about disclosing any additional information because the details could aid malicious actors in the exploit.
Update installation
Permanent fixes are available to download for NetScaler ADC and NetScaler Gateway:
For an overview of the steps to identify and remediate vulnerable NetScaler ADCs through NetScaler Console (formerly NetScaler Application Delivery Management), watch this video.
We recommend following the NetScaler secure configuration and deployment guide.
Learn more and stay up to date
- Read the security bulletin
- Sign up for security bulletin notifications
- Contact your TAM to enroll for receiving pre-notification of security bulletins
- Consult the best practices deployment guide
Improved vulnerability management with NetScaler Console (previously NetScaler Application Delivery Management)
If you use NetScaler Console, this is an ideal time to explore the security features it provides. The first two features below can help reduce your time to patch, which we believe is critical in the current threat landscape:
- Security Advisory protects your infrastructure by highlighting NetScaler ADCs with CVE exposure, scheduling on-demand vulnerability scans, and suggesting remediations.
- Upgrade Advisory helps you with the lifecycle management of NetScaler ADCs.
- File Integrity Monitoring ensures the integrity of the files on NetScaler ADCs by determining if changes have been made to your NetScaler build files.
NetScaler and Citrix are both part of Cloud Software Group, and we share the same ticketing system. If you encounter issues when you are updating your affected builds, please contact Citrix Customer Support, irrespective of whether your product includes NetScaler branding or Citrix branding.
Disclaimer:
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information contained in this document is at your own risk. Cloud Software Group reserves the right to change or update this document at any time. You are therefore recommended to always view the latest version of this document directly from the Citrix Knowledge Center.