07.19.2023

Citrix Netscaler Active Exploit

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 07/19/2023

Action Level - Critical

Description

Citrix has released information about a critical vulnerability which is currently being exploited in the wild. If exploited, an attacker could execute code remotely on the device without authentication. There are currently updates for all supported versions of ADC and Gateway, and Citrix recommends updating any vulnerable assets as soon as possible

Fixed Versions

  • NetScaler ADC and NetScaler Gateway 13.1-49.13  and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13  and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-65.36 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-65.36 and later releases of 12.1-NDcPP

Note: ADC & Gateway versions 12.1 are end of life and vulnerable to this exploit

Attack Vector

An attacker with network access to a device running Citrix Netscaler ADC or Gateway, with or without authentication.

Attack Feasibility 

This vulnerability is currently being exploited in the wild.

Mitigation

There are no mitigations to this vulnerability

Remediation

Update to a current supported version of Citrix Netscaler.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC