2024-01-18
Citrix Vulnerabilities Added to KEV; One Has a One-Week Mitigation Deadline
Citrix has published an advisory regarding two vulnerabilities that affect Citrix NetScaler ADC and NetScaler Gateway. The US Cybersecurity and Infrastructure Security Agency (CISA) has added both to its Known Exploited Vulnerabilities (KEV) catalog. The first, CVE-2023-6548, is a code injection issue in the appliance's management interface; CISA has given Federal Civilian Executive Branch (FCEB) agencies until January 24 to apply patches or upgrade to a fixed version. The second, CVE-2023-6549, is an improper restriction of operations within the bounds of a memory buffer issue (CWE-119); FCEB agencies have until February 7 to address that flaw.
Editor's Note
Citrix, Ivanti, SonicWall. This edition of NewsBites covers three different known-to-be-exploited vulnerabilities in commercial perimeter security devices. This shouldn't be news to anybody. Back in 2020, we added this as one of our top attack vectors for our annual RSA keynote. You must include perimeter devices in your vulnerability management process and you must be able to mitigate vulnerabilities within days, not weeks, months or years.
Johannes Ullrich
This is separate from the November/December CitrixBleed flaw, but with the success of those exploits, threat actors are likely to be seeking similar results with these, particularly CVE-2023-6548. Apply the update, then make sure the management interface is either logically or physically isolated. Beyond this flaw, threat actors are searching for, finding, and attacking exposed management interfaces. While it’s increasingly necessary for these to be available for remote support, you still need to only access them via a secure pathway.
Lee Neely
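The isolation check recommended above is easy to state and easy to get wrong, because "the management interface is on an internal VLAN" is not the same as "only the bastion subnet can reach it". The script below is an added example, not code from SANS, Citrix, or either editor: it audits firewall flow records for allowed connections to the appliance's management IP (NSIP) on management ports from anything other than the sanctioned admin subnet, and ranks sources outside RFC 1918 space first, since those are the exposures scanners find. The NSIP, admin subnet, port list and the flow records are all assumed or constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Assumed topology for this example (not from the advisory or the NewsBites item):
# the appliance's management IP (NSIP) and the only subnet that should reach it.
NSIP = ipaddress.ip_address("10.0.5.10")
ADMIN_NETS = [ipaddress.ip_network("10.0.100.0/24")]      # bastion / jump-host subnet
MGMT_PORTS = {22, 80, 443, 3008, 3010}                     # SSH, GUI/NITRO API, secure GUI/CLI ports
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall flow records in a simple key=value form; these are not real logs.
SAMPLE_FLOWS = """\
2024-01-18T10:01:02Z src=10.0.100.7 dst=10.0.5.10 dport=443 proto=tcp action=allow
2024-01-18T10:01:09Z src=203.0.113.44 dst=10.0.5.10 dport=443 proto=tcp action=allow
2024-01-18T10:02:15Z src=198.51.100.9 dst=10.0.5.10 dport=22 proto=tcp action=allow
2024-01-18T10:03:00Z src=10.0.20.31 dst=10.0.5.10 dport=3010 proto=tcp action=allow
2024-01-18T10:03:30Z src=172.16.8.2 dst=10.0.5.200 dport=443 proto=tcp action=allow
2024-01-18T10:04:11Z src=203.0.113.45 dst=10.0.5.10 dport=443 proto=tcp action=deny
"""


@dataclass
class Finding:
    ts: str
    src: str
    dport: int
    exposure: str   # "external" (non-RFC1918 source) or "internal" (LAN host outside the admin subnet)


def parse_flow(line: str) -> dict:
    """Split one 'timestamp key=value key=value ...' record into a dict."""
    ts, *pairs = line.split()
    rec = {"ts": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def audit_management_access(flows: str) -> List[Finding]:
    """Return every allowed management-port flow to the NSIP that did not come from an admin subnet."""
    findings = []
    for line in flows.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec.get("action") != "allow":
            continue    # blocked attempts are noise here; only successful reachability matters
        if ipaddress.ip_address(rec["dst"]) != NSIP or int(rec["dport"]) not in MGMT_PORTS:
            continue    # not the management plane of this appliance
        src = ipaddress.ip_address(rec["src"])
        if any(src in net for net in ADMIN_NETS):
            continue    # the sanctioned path (bastion / jump host)
        exposure = "internal" if any(src in net for net in RFC1918) else "external"
        findings.append(Finding(rec["ts"], str(src), int(rec["dport"]), exposure))
    # External reachability first: that is what attackers are scanning for.
    findings.sort(key=lambda f: (f.exposure != "external", f.ts))
    return findings


if __name__ == "__main__":
    for f in audit_management_access(SAMPLE_FLOWS):
        print(f"{f.exposure:8} {f.ts} {f.src} -> NSIP:{f.dport}")
```

Run against the constructed records, the audit ignores the bastion host and the denied probe, and reports two non-RFC 1918 sources reaching the GUI and SSH ports plus one internal host outside the admin subnet reaching port 3010. Any "external" finding means the interface is not isolated, whatever the VLAN diagram says; "internal" findings are the ones to close before a compromised workstation turns an authenticated management-interface bug into a foothold.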
Read more in
The Record: In alerting about two Citrix bugs, CISA recommends immediate attention for one
The Register: Two more Citrix NetScaler bugs exploited in the wild
Bleeping Computer: CISA pushes federal agencies to patch Citrix RCE within a week
Citrix: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549