Active Exploitation of 2 Citrix Remote Code Execution (RCE) Vulnerabilities, CISA Issues Notification


CISA has set a deadline of one to three weeks for addressing three vulnerabilities associated with Citrix NetScaler and Google Chrome. These zero-day vulnerabilities have been actively exploited in cyber attacks.

2 CITRIX RCES EXPLOITED

On Wednesday, January 17, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding the active exploitation of three vulnerabilities. The two Citrix vulnerabilities are CVE-2023-6548 and CVE-2023-6549. The agency promptly included these vulnerabilities in its Known Exploited Vulnerabilities Catalog and urged U.S. federal agencies to patch them as soon as possible.

The first vulnerability, with a CVSS score of 5.5, impacts NetScaler ADC and Gateway management interfaces, and the deadline to address it is January 24.

Of the other two vulnerabilities, one can result in a denial of service condition on appliances in specific configurations: those set up as a Gateway (VPN, ICA Proxy, CVPN, RDP Proxy services) or as an AAA virtual server. This second vulnerability carries a higher CVSS score of 8.2. However, CISA has provided a three-week window to address these two vulnerabilities.

CVE-2023-6548 is a Remote Code Execution (RCE) vulnerability with a medium severity level (CVSS score of 5.5). It impacts Citrix NetScaler ADC and Gateway appliances, enabling an authenticated attacker with low-level privileges to execute code on the management interface of the affected devices through NSIP, SNIP, or CLIP.

The CVE-2023-6549 vulnerability is identified as a Denial of Service (DoS) vulnerability. Discovered within Citrix NetScaler ADC, it carries a CVSS score of 8.2. Threat actors can exploit this vulnerability under specific configurations of vulnerable appliances, posing a risk to VPN, ICA Proxy, CVPN, RDP Proxy services, or an AAA virtual server. The vulnerability has the potential to disrupt services by overwhelming the system, resulting in a denial of service condition.

Mitigation

  1. Citrix promptly issued an advisory, urging customers to apply updates for affected versions immediately.
  2. Customers using Citrix-managed cloud services or Adaptive Authentication do not need to take any action.
  3. The company recommends segregating network traffic to the appliance’s management interface, following guidelines in their secure deployment guide.
  4. Citrix strongly advises physically or logically separating network traffic to the appliance’s management interface from regular network traffic.
  5. Furthermore, the management interface should not be exposed to the internet, aligning with guidelines provided in their secure deployment guide.
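The segregation advice in items 3 to 5 can be checked against an address inventory. The following is an added example, not Citrix tooling or code from the advisory: it flags NSIP, SNIP, or CLIP addresses that have management access enabled outside a dedicated management network. The inventory layout, appliance names, addresses, and the `audit` function are assumptions constructed for illustration.

```python
import ipaddress

# Private ranges; anything outside them is treated as potentially internet-routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory: (appliance, ip_type, address, mgmt_access_enabled).
# 203.0.113.0/24 is a documentation range standing in for a public address.
INVENTORY = [
    ("adc-01", "NSIP", "10.20.0.5", True),
    ("adc-01", "SNIP", "10.30.4.10", True),   # management enabled on a data-plane SNIP
    ("adc-01", "SNIP", "10.30.4.11", False),
    ("adc-02", "NSIP", "203.0.113.7", True),
    ("adc-02", "CLIP", "10.20.0.9", True),
]

# Assumed dedicated management network for this example.
MGMT_NETS = ["10.20.0.0/24"]


def audit(inventory, mgmt_nets):
    """Return sorted findings for management-enabled IPs outside mgmt_nets."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for appliance, ip_type, addr, mgmt_enabled in inventory:
        if not mgmt_enabled:
            continue  # no management service reachable on this address
        ip = ipaddress.ip_address(addr)
        if any(ip in n for n in nets):
            continue  # inside the segregated management network
        if any(ip in n for n in RFC1918):
            severity = "high"
            reason = "management access outside the management network"
        else:
            severity = "critical"
            reason = "management access on a non-private address"
        findings.append((severity, appliance, ip_type, addr, reason))
    return sorted(findings)  # "critical" sorts before "high"


if __name__ == "__main__":
    for finding in audit(INVENTORY, MGMT_NETS):
        print(" | ".join(finding))
```
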


About the Author:

FirstHackersNews- Identifies Security
