A remote code execution (RCE) vulnerability in several versions of NetScaler ADC (Citrix ADC) and NetScaler Gateway (Citrix Gateway) [CVE-2023-3519]. It allows remote, unauthenticated attackers to directly gain control and execute arbitrary code to a vulnerable device/server. This vulnerability is rated as critical.
Appliances configured as a Gateway (e.g. VPN, ICA Proxy, CVP, RDP Proxy) or an AAA virtual server are vulnerable.
What To Do
If your organization is using an affected version of Citrix NetScaler, patch immediately.
To identify third parties who may be exposed to this vulnerability:
- Use Vulnerability Detection to search for Suspected Exposure to CVE-2023-3519. Its presence means a version of Citrix ADC or Gateway is vulnerable.
- See the Companies List page to identify which monitored companies show evidence of using Citrix NetScaler.
- Select Citrix NetScaler & Citrix NetScaler Access Gateway: Apply Filters
- You can also refer to CVE-2019-19781, which can be used as a rough proxy given its impact on the same product family: Apply Filters
- Preliminary results of a product fingerprinting scan are available. Use the results to identify internet-facing versions of products on IPs attributed to companies within your Bitsight portfolio. Contact your Bitsight Customer Success Manager or Bitsight Support to learn more.
These search mechanisms are likely to return different results, as the former is identifying use of the NetScaler product, while the latter is looking for instances of NetScaler with a specific, older vulnerability.
Frequently Asked Questions
- Is Bitsight impacted?
- Is there a specific set of the filters to use?
- Will this affect my rating?
- Why is CVE-2023-3519 not in the platform?
Is Bitsight impacted?
Bitsight is not impacted by this vulnerability and does not utilize these products.
Is there a specific set of the filters to use?
We recommend selecting all NetScaler products from the Open Ports, Software, and Products filter sections.
Selecting all products within a filter section results in an implicit OR and may cause you to unintentionally exclude results; while selecting products across filter sections result in an AND.
Will this affect my rating?
Our research effort for this CVE is still in progress. Detected exposure will only impact the rating if we have `confirmed exposure` from our vulnerability evidence.
Why is CVE-2023-3519 not in the platform?
Security Research is currently looking into support for this vulnerability. We can expect updates in the coming days. See the current cybersecurity news.
Resources
- Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
- Citrix Releases Security Updates for NetScaler ADC and Gateway | CISA
- CVE-2023-3519: Critical RCE in NetScaler ADC (Citrix ADC) and NetScaler Gateway (Citrix Gateway) - Blog | Tenable®
- Critical and High Vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)
- August 8, 2023: Vulnerability Detection available.
- July 24, 2023: Fingerprint scan is now available.
- July 19, 2023: Published.
Feedback
0 comments
Please sign in to leave a comment.