CVE-2023-3519:
Unauthenticated remote code execution vulnerability in Citrix NetScaler ADC and NetScaler Gateway that allows an attacker to execute arbitrary code on vulnerable devices without authentication.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8 Critical
- Published Date:Jul 19, 2023
- CISA KEV Date:Jul 19, 2023
- Industries Affected:20
Threat Predictions
- EPSS Score:93.6
- EPSS Percentile:100%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Overview
Citrix NetScaler ADC and NetScaler Gateway are vulnerable to an unauthenticated remote code execution (RCE) flaw (CVE-2023-3519) that can allow an attacker to execute arbitrary code on affected devices over the network without any authentication. The issue, categorized under CWE-94 Code Injection, impacts multiple release lines and is rated CRITICAL with a CVSSv3.1 score of 9.8. The vulnerability can lead to full compromise of confidentiality, integrity, and availability, and CISA has noted active exploitation, underscoring the need for immediate remediation. Patches are available from Citrix in the corresponding security bulletin CTX561482; affected users should upgrade to the fixed versions as soon as possible.
Remediation
- Confirm exposure and affected products/versions in your environment (NetScaler ADC and NetScaler Gateway).
- Apply the appropriate patched releases:
- NetScaler ADC 13.1: upgrade to 49.13 or newer.
- NetScaler ADC 13.0: upgrade to 91.13 or newer.
- NetScaler ADC 13.1-FIPS: upgrade to 37.159 or newer.
- NetScaler ADC 12.1-FIPS: upgrade to 55.297 or newer.
- NetScaler ADC 12.1-NDcPP: upgrade to 55.297 or newer.
- NetScaler Gateway 13.1: upgrade to 49.13 or newer; NetScaler Gateway 13.0: upgrade to 91.13 or newer (whichever release line is deployed).
- Follow standard upgrade procedures:
- Schedule a maintenance window.
- Back up configurations and verify backup integrity.
- Test the patch in a staging environment if possible.
- Perform the upgrade and reboot if required.
- Verify the software version shows the patched release and confirm the vulnerability is mitigated.
- If patching is not immediately possible:
- Restrict network exposure of Citrix management interfaces to trusted networks only (use VPNs, ACLs, or firewall rules).
- Place the appliance behind hardened network perimeter controls or a WAF/IPS with rules that detect exploitation attempts against this vulnerability.
- Disable or restrict features that are not required and that expose the vulnerable surface, and monitor ingress/egress traffic for signs of exploitation.
- Review Citrix CTX561482 advisory for any suggested mitigations or workarounds.
- After remediation:
- Re-scan affected devices to confirm remediation.
- Document the patch status in asset management and communicate to stakeholders.
- Monitor security feeds for indicators of exploitation related to CVE-2023-3519.
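The patch-verification step above comes down to comparing the running build against the fixed builds listed for each release line. The following Python helper is an added example, not code from the page or from Citrix: it encodes the fixed-build table from the remediation list and checks a version string against it. The assumed input format is the first line of NetScaler `show version` output (e.g. "NetScaler NS13.1: Build 48.47.nc, Date: ..."); the sample strings are constructed, and the FIPS/NDcPP variant is passed in by the caller because this assumed line format does not distinguish it.

```python
import re
from typing import Optional, Tuple

# Minimum fixed builds per release line, taken from the remediation list
# for CVE-2023-3519. Builds are compared as (major, minor) tuples.
FIXED_BUILDS = {
    "13.1": (49, 13),
    "13.0": (91, 13),
    "13.1-FIPS": (37, 159),
    "12.1-FIPS": (55, 297),
    "12.1-NDcPP": (55, 297),
}

# Assumed format of the first `show version` line, e.g.
# "NetScaler NS13.1: Build 48.47.nc, Date: ..." (assumption, not from the page).
_VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_show_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Extract (release_line, build_major, build_minor) or None if unparseable."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def is_fixed(release_line: str, build: Tuple[int, int]) -> Optional[bool]:
    """True if build >= fixed build for the line, False if older,
    None if the release line is not in the table (cannot be assessed here)."""
    threshold = FIXED_BUILDS.get(release_line)
    if threshold is None:
        return None
    return build >= threshold


def assess(text: str, variant: str = "") -> str:
    """Return 'fixed: ...', 'vulnerable: ...' or 'unknown: ...' for a version line.
    `variant` is 'FIPS' or 'NDcPP' for those builds, empty for standard builds."""
    parsed = parse_show_version(text)
    if parsed is None:
        return "unknown: could not parse version string"
    line, major, minor = parsed
    key = f"{line}-{variant}" if variant else line
    verdict = is_fixed(key, (major, minor))
    if verdict is None:
        return f"unknown: release line {key} not in fixed-build table"
    state = "fixed" if verdict else "vulnerable"
    return f"{state}: {key} build {major}.{minor}"


if __name__ == "__main__":
    # Constructed sample: a 13.1 appliance one build behind the fix.
    sample = "NetScaler NS13.1: Build 48.47.nc, Date: Jun 1 2023, 10:00:00"
    print(assess(sample))
```

Unknown release lines are reported rather than assumed safe, so a build the table does not cover (or a line the parser cannot read) surfaces as something to check by hand against CTX561482 instead of silently passing the compliance check.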
References
- CTX561482: Citrix ADC and Citrix Gateway security bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
- Packet Storm: Citrix ADC NetScaler Remote Code Execution: http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html
- CISA Known Exploited Vulnerabilities Catalog (CVE-2023-3519): https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-3519
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.