Thousands of Citrix Netscaler ADC and Gateway servers are vulnerable to remote code execution (RCE) attacks.
According to ShadowServer researchers, at least 15,000 Citrix Netscaler ADC and Gateway servers have not yet been patched for the CVE-2023-3519 vulnerability found early this month. This vulnerability is labeled as very critical and is said to be already abused in the wild for RCE attacks. Especially in the US and Germany, there are still many unpatched servers.
Presence version hash
The security experts base their findings on IP addresses that still have a Citrix version hash. Citrix has actually removed version hashes in the most recent software versions.
The researchers therefore assume that all Citrix instances found with version hashes are vulnerable to CVE-2023-3519. They indicate that the number of still vulnerable servers may be higher than they currently indicate.
Citrix released a patch for the vulnerability on July 18 and advises customers to update quickly. Citrix Netscaler ADC and Gateway servers at risk should include those configured as a gateway (VPN virtual server, ICA Prox, CVPN, RDP Proxy) or authentication virtual server.
Also patches for other vulnerabilities
Also on the same date, the virtualization and cloud specialist implemented two patches for previously found vulnerabilities CVE-2023-3466 and CVE-2023-3467. The first allows hackers to perform reflected cross-site scripting (XSS) attacks by loading a malicious link into the Web browser of victims on the same network.
The second vulnerability allows privileges to be upgraded to give hackers root privileges.
Read more: Thousands of Citrix ADC and Gateway endpoints still vulnerable