Share this article on:
The Australian Cyber Security Centre (ACSC) has issued a critical alert after detecting a vulnerability in networking firmware commonly used on Australian networks.
The ACSC said that vulnerability CVE-2023-3519 had been found affecting the Citrix NetScaler ADC and NetScaler Gateway.
“The ACSC has assessed that there is significant exposure to this Citrix NetScaler ADC and NetScaler Gateway vulnerability in Australia and that any future exploitation would have significant impact to Australian systems and networks.”
Citrix, the company behind the NetScaler family of firmware, has said that exploits of the vulnerability have been found in the wild.
The detected vulnerability is the most severe of three detected vulnerabilities, according to Citrix via Rapid7.
A statement on the Rapid7 blog said that CVE-2023-3519 allows for “unauthenticated remote code execution – NOTE that the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server”.
Rapid7 added: “This product line is a popular target for attackers of all skill levels, and we expect that exploitation will increase quickly.”
The ACSC has said that customers of NetScaler ADC and NetScaler Gateway are highly recommended to install the latest version of both programs and that organisations should remain alert for future Citrix patches.
The other two patches detected in the Citrix NetScaler ADC and NetScaler Gateway are CVE-2023-3466 and CVE-2023-3467, both of which are considered much lower risk than CVE-2023-3519.
According to Rapid7, CVE-2023-3466 is a reflected XSS vulnerability, which requires the “victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NetScaler IP (NSIP)” for successful exploitation.
CVE-2023-3467 “allows for privilege escalation to root administrator (nsroot)”.
The full critical alert can be found on the ACSC website.