CVE-2023-3519 | Armis Vulnerability Intelligence Database

Description Preview

CVE-2023-3519 is a security vulnerability affecting specific versions of Citrix NetScaler ADC and NetScaler Gateway. This vulnerability allows an attacker to execute arbitrary code on the affected systems without requiring authentication. The vulnerability has a CVSS score of 9.8, indicating a critical severity level, with high impacts on confidentiality, integrity, and availability. The issue is categorized under CWE-94, which pertains to improper control of code generation, commonly known as code injection. The affected versions include certain patches of NetScaler ADC and NetScaler Gateway, and it is crucial for users to apply the necessary updates to mitigate the risk.

Overview

CVE ID: CVE-2023-3519
Vendor: Citrix
Products Affected:
- NetScaler ADC (versions 13.1 < 49.13, 13.0 < 91.13, 13.1-FIPS < 37.159, 12.1-FIPS < 55.297, 12.1-NDcPP < 55.297)
- NetScaler Gateway (versions 13.1 < 49.13, 13.0 < 91.13)
Vulnerability Type: Unauthenticated remote code execution
CVSS Score: 9.8 (Critical)
Impact: High impact on confidentiality, integrity, and availability.

Remediation

To remediate CVE-2023-3519, users should upgrade their Citrix NetScaler ADC and NetScaler Gateway to the latest versions that are not affected by this vulnerability. Specifically, users should ensure that:

NetScaler ADC is updated to versions 13.1 >= 49.13, 13.0 >= 91.13, 13.1-FIPS >= 37.159, 12.1-FIPS >= 55.297, and 12.1-NDcPP >= 55.297.
NetScaler Gateway is updated to versions 13.1 >= 49.13 and 13.0 >= 91.13.

For detailed instructions on the update process, refer to the Citrix security bulletin.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Finance and Insurance: Low
Finance and Insurance
Manufacturing: Low
Manufacturing
Arts, Entertainment & Recreation: Low
Arts, Entertainment & Recreation
Health Care & Social Assistance: Low
Health Care & Social Assistance
Accommodation & Food Services: Low
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Construction: Low
Construction
Educational Services: Low
Educational Services
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Mining: Low
Mining
Other Services (except Public Administration): Low
Other Services (except Public Administration)
Professional, Scientific, & Technical Services: Low
Professional, Scientific, & Technical Services
Public Administration: Low
Public Administration
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Retail Trade: Low
Retail Trade
Transportation & Warehousing: Low
Transportation & Warehousing
Utilities: Low
Utilities
Wholesale Trade: Low
Wholesale Trade

^{CVE-2023-3519:}CVE-2023-3519 is a critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway that allows for unauthenticated remote code execution.

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!