Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!


Jan 17, 2024NewsroomVulnerability / Cyber Threat




Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild.


The flaws are listed below:


  • CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access)

  • CVE-2023-6549 (CVSS score: 8.2) - Denial-of-service (requires that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server)

The following customer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the shortcomings:


  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15

  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21

  • NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)

  • NetScaler ADC 13.1-FIPS before 13.1-37.176

  • NetScaler ADC 12.1-FIPS before 12.1-55.302, and

  • NetScaler ADC 12.1-NDcPP before 12.1-55.302

"Exploits of these CVEs on unmitigated appliances have been observed," Citrix said, without sharing any additional specifics. Users of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version that patches the flaws.
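As an added example (not from Citrix or the original article), the affected-version list above can be turned into an inventory check that flags appliances still below the fixed build. The function names, the "standard" edition label and the sample inventory are assumptions made for illustration; versions are expected in the article's own release-build notation.

```python
import re

# First fixed build per (release, edition), from the affected-version list above.
# None marks a release with no fix listed: 12.1 is end-of-life.
# The "standard" edition label is an assumption used only in this example.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("12.1", "standard"): None,
    ("13.1", "FIPS"): (37, 176),
    ("12.1", "FIPS"): (55, 302),
    ("12.1", "NDcPP"): (55, 302),
}

# Versions in the article's notation, e.g. "13.1-51.15".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def assess(version, edition="standard"):
    """Return 'patched', 'affected', 'end-of-life' or 'unknown' for one build."""
    m = VERSION_RE.match(version.strip())
    if not m or (m.group(1), edition) not in FIXED:
        return "unknown"  # unparsable, or a release/edition the list does not cover
    fixed = FIXED[(m.group(1), edition)]
    if fixed is None:
        return "end-of-life"
    # Compare as integer tuples: as strings, "9.60" would sort after "51.15".
    build = (int(m.group(2)), int(m.group(3)))
    return "patched" if build >= fixed else "affected"


# Constructed inventory (hypothetical host names and builds).
INVENTORY = [
    ("adc-edge-01", "standard", "13.1-49.15"),
    ("adc-edge-02", "standard", "13.1-9.60"),
    ("adc-core-01", "standard", "14.1-12.35"),
    ("adc-fips-01", "FIPS", "13.1-37.38"),
    ("adc-old-01", "standard", "12.1-65.25"),
]


def triage(inventory):
    """Map each host to its status so unpatched appliances can be prioritised."""
    return {host: assess(version, edition) for host, edition, version in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```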





    It's also advised to not expose the management interface to the internet to reduce the risk of e ..
