Citrix released security updates to fix multiple vulnerabilities in its NetScaler ADC and NetScaler Gateway products, including a flaw that can lead to remote code execution.
Tracked as CVE-2023-4966, the bug is a buffer overflow issue that allows a remote attacker to execute arbitrary code on the target system by sending specially crafted data. It’s worth noting that successful exploitation of the vulnerability requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
The vendor has also patched a high-risk vulnerability that can be exploited by a remote hacker to perform denial-of-service attacks. Successful exploitation of this vulnerability requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
The vulnerabilities have been fixed in NetScaler ADC and NetScaler Gateway versions 14.1-8.50, 13.1-49.15, and 13.0-92.19, and in NetScaler ADC 13.1-FIPS 13.1-37.164, 12.1-FIPS 12.1-55.300, and 12.1-NDcPP 12.1-55.300.
Affected customers of NetScaler ADC and NetScaler Gateway are strongly advised to upgrade to the fixed versions.
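An added example, not from Citrix or the original article: a Python check that compares appliance builds against the fixed versions listed above. The `edition` labels, the inventory shape and the sample hosts are assumptions; FIPS and NDcPP lines are compared against their own fixed builds, because the fixed 13.1-FIPS build number is lower than the standard 13.1 one.

```python
import re

# Fixed builds exactly as listed in the article, keyed by (edition, branch).
# The edition labels "standard", "fips" and "ndcpp" are assumed names.
FIXED = {
    ("standard", "14.1"): (8, 50),
    ("standard", "13.1"): (49, 15),
    ("standard", "13.0"): (92, 19),
    ("fips", "13.1"): (37, 164),
    ("fips", "12.1"): (55, 300),
    ("ndcpp", "12.1"): (55, 300),
}

_VERSION = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_version(text):
    """Split '13.1-49.15' into ('13.1', (49, 15)); raise on anything else."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def patch_status(version, edition="standard"):
    """Return 'fixed', 'needs-upgrade', or 'not-listed' for one appliance."""
    branch, build = parse_version(version)
    fixed = FIXED.get((edition.lower(), branch))
    if fixed is None:
        # Branch/edition pair for which the article gives no fixed build.
        return "not-listed"
    # Tuple comparison is numeric per field, so 49.9 sorts below 49.15.
    return "fixed" if build >= fixed else "needs-upgrade"


def audit(inventory):
    """Map each host in a {host: (version, edition)} dict to its status."""
    return {host: patch_status(v, e) for host, (v, e) in inventory.items()}


# Constructed inventory for illustration; hostnames and builds are made up.
SAMPLE = {
    "gw-01": ("13.1-49.15", "standard"),
    "gw-02": ("13.1-49.9", "standard"),
    "gw-03": ("13.1-37.164", "fips"),
    "gw-04": ("12.1-65.25", "standard"),
    "gw-05": ("14.1-4.42", "standard"),
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` are on a branch and edition for which the article names no fixed build and need manual review.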
Currently, there’s no indication that the above flaws were exploited in the wild.
Earlier, security researchers warned that hackers are targeting Citrix servers by exploiting a recently patched vulnerability (CVE-2023-3519) in Citrix NetScaler ADC and Gateway products. The attackers used the flaw to append a malicious script to the legitimate “index.html” file, injecting it into the HTML content of the authentication web page to capture user credentials.