CISA has set remediation deadlines of one to three weeks for three vulnerabilities affecting Citrix NetScaler ADC and Gateway and Google Chrome. All three are zero-days that were being actively exploited before fixes were available.
2 CITRIX NETSCALER FLAWS EXPLOITED
On Wednesday, January 17, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding the active exploitation of three vulnerabilities. The two Citrix NetScaler ADC and Gateway flaws are CVE-2023-6548 and CVE-2023-6549; the third is the Google Chrome zero-day CVE-2024-0519, an out-of-bounds memory access in the V8 engine. The agency added all three to its Known Exploited Vulnerabilities Catalog, which obliges U.S. federal civilian agencies to remediate them by the stated deadlines.
The first Citrix vulnerability, CVE-2023-6548 (CVSS 5.5), affects the management interface of NetScaler ADC and Gateway, and the deadline to address it is January 24, 2024.
The other two carry a longer, three-week deadline of February 7, 2024. Of these, CVE-2023-6549 (CVSS 8.2) is a denial-of-service flaw that only applies to appliances configured as a Gateway (VPN, ICA Proxy, CVPN, or RDP Proxy virtual server) or as an AAA virtual server; the remaining one is the Chrome zero-day.
CVE-2023-6548 is an authenticated Remote Code Execution (RCE) vulnerability of medium severity (CVSS 5.5) in Citrix NetScaler ADC and Gateway appliances. An attacker with low-privileged credentials who can reach the management interface over the NSIP, the CLIP, or a SNIP that has management access enabled can execute code on the appliance. The relatively low score reflects the need for credentials and management-plane access; it does not reflect the impact of code execution on a perimeter device, which is why CISA gave it the shorter one-week deadline.
CVE-2023-6549 is a Denial of Service (DoS) vulnerability in NetScaler ADC and Gateway with a CVSS score of 8.2. It is only reachable when the appliance is configured as a Gateway (VPN, ICA Proxy, CVPN, or RDP Proxy virtual server) or as an AAA virtual server, i.e. when it terminates user-facing services on a public-facing virtual server. Citrix's advisory gives no further detail on the trigger beyond the resulting loss of service.
- Citrix issued advisory CTX584986 and urges customers to upgrade affected versions immediately. The fixed builds are NetScaler ADC and Gateway 14.1-12.35, 13.1-51.15, and 13.0-92.21, plus ADC 13.1-FIPS 13.1-37.176, 12.1-FIPS 12.1-55.302, and 12.1-NDcPP 12.1-55.302; mainline 12.1 is end of life and must be upgraded to a supported branch.
- Customers using Citrix-managed cloud services or Adaptive Authentication do not need to take action, since Citrix patches those appliances itself.
- Citrix strongly advises physically or logically separating traffic to the appliance's management interface from regular network traffic, and not exposing the management interface to the internet, as described in its secure deployment guide. For CVE-2023-6548 this is a meaningful mitigation, because the bug is only reachable through the management IPs (NSIP, CLIP, or a SNIP with management access enabled); it does not mitigate CVE-2023-6549, which is reached through the user-facing Gateway or AAA virtual servers.
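To turn the advisory's version and configuration prerequisites into a repeatable check, the following script is an added example (not Citrix's or CISA's tooling). It parses the banner printed by `show ns version` and an `ns.conf` excerpt, then reports whether the build predates the fixed builds listed above, whether Gateway or AAA virtual servers make CVE-2023-6549 reachable, and whether any SNIP has management access enabled, which widens the reachable surface for CVE-2023-6548. The fixed-build table covers only the mainline branches (FIPS and NDcPP builds are not handled), the version-banner format is assumed from typical output, and the sample banner and configuration lines are constructed for the example.

```python
import re

# Minimum fixed builds for CVE-2023-6548 / CVE-2023-6549, mainline branches only
# (assumption: taken from the advisory summary above; verify against CTX584986).
FIXED_BUILDS = {
    "14.1": (12, 35),
    "13.1": (51, 15),
    "13.0": (92, 21),
}

# Assumed banner format, e.g. "NetScaler NS13.1: Build 49.13.nc, Date: ..."
VERSION_RE = re.compile(r"NetScaler NS(?P<rel>\d+\.\d+): Build (?P<build>\d+\.\d+)")


def parse_version(show_ns_version: str):
    """Return (release, (major, minor)) from `show ns version` output."""
    m = VERSION_RE.search(show_ns_version)
    if not m:
        raise ValueError("unrecognised NetScaler version banner")
    major, minor = m.group("build").split(".")
    return m.group("rel"), (int(major), int(minor))


def is_patched(release: str, build: tuple):
    """True if build >= fixed build; None for branches not in the table (e.g. EOL 12.1)."""
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return None
    return build >= fixed


def audit_ns_conf(ns_conf: str) -> dict:
    """Flag config lines that make the two CVEs reachable."""
    findings = {"gateway_or_aaa_vservers": [], "snip_with_mgmt_access": []}
    for raw in ns_conf.splitlines():
        line = raw.strip()
        # CVE-2023-6549 prerequisite: a Gateway (vpn) or AAA (authentication) vserver.
        m = re.match(r"add (vpn|authentication) vserver (\S+)", line)
        if m:
            findings["gateway_or_aaa_vservers"].append(m.group(2))
        # CVE-2023-6548 surface: SNIPs with management access reach the management plane.
        if line.startswith("add ns ip ") and "-type SNIP" in line and "-mgmtAccess ENABLED" in line:
            findings["snip_with_mgmt_access"].append(line.split()[3])
    return findings


def assess(show_ns_version: str, ns_conf: str) -> dict:
    release, build = parse_version(show_ns_version)
    patched = is_patched(release, build)
    conf = audit_ns_conf(ns_conf)
    return {
        "release": release,
        "build": build,
        "patched": patched,
        # Exposed to the DoS only if unpatched and serving Gateway/AAA traffic.
        "cve_2023_6549_exposed": patched is not True and bool(conf["gateway_or_aaa_vservers"]),
        # RCE needs credentials plus management-plane reach; extra SNIPs widen it.
        "cve_2023_6548_unpatched": patched is not True,
        "mgmt_reachable_snips": conf["snip_with_mgmt_access"],
        "gateway_or_aaa_vservers": conf["gateway_or_aaa_vservers"],
    }


# Constructed sample data for the example (not from a real appliance).
SAMPLE_VERSION = "NetScaler NS13.1: Build 49.13.nc, Date: Oct 24 2023, 21:25:32   (64-bit)"
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add ns ip 10.0.0.5 255.255.255.0 -type SNIP -mgmtAccess ENABLED
add ns ip 10.0.0.6 255.255.255.0 -type SNIP
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add lb vserver web_vs HTTP 10.0.0.20 80
"""

if __name__ == "__main__":
    for key, value in assess(SAMPLE_VERSION, SAMPLE_NS_CONF).items():
        print(f"{key}: {value}")
```

Run it against the real `show ns version` output and `ns.conf` of each appliance (the commands are run on the NetScaler CLI; the script itself runs anywhere). An appliance on a mainline branch not in the table returns `patched = None`, which the assessment treats as unpatched, matching the advisory's instruction to move off end-of-life 12.1.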