Citrix NetScaler devices face active zero-day exploitations

The advisory lists prior access to the NetScaler IP (NSIP), Cluster IP (CLIP), or Subnet IP (SNIP) with management interface access as a prerequisite for exploiting CVE-2023-6548. The vulnerability carries a Common Vulnerability Scoring System (CVSS) score of 5.5, making it a flaw of “medium” criticality.

CVE-2023-6549, with a CVSS score of 8.2, is a vulnerability with “high” criticality and requires the appliances to be “configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy),” according to the advisory.

Impacted appliances run earlier versions

The affected appliances are those running outdated versions of NetScaler ADC and NetScaler Gateway. Affected versions include NetScaler ADC and NetScaler Gateway 13.0 (before 13.0-92.21), 13.1 (before 13.1-51.15), and 14.1 (before 14.1-12.35).

Additionally, the Federal Information Processing Standard (FIPS) compliant versions, including NetScaler ADC FIPS 12.1 (before 12.1-55.302) and 13.1 (before 13.1-37.176), are also affected. NetScaler ADC 12.1-NDcPP before 12.1-55.302, compliant under the Network Device Collaborative Protection Profile, is affected too.

“NetScaler ADC and NetScaler Gateway version 12.1 is now End of Life (EOL) and is vulnerable,” Citrix added.
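The version list above is easiest to apply as a small inventory check. The following is an added example, not code from Citrix or from this article: it encodes the fixed builds named above per edition (standard, FIPS, NDcPP), treats the 12.1 standard train as EOL and therefore vulnerable, and accepts either the advisory's `13.1-51.15` notation or an assumed `show ns version` style line such as `NS13.1: Build 51.15.nc`.

```python
import re
from typing import Optional, Tuple

# First fixed build per (edition, branch), taken from the version list above.
# Any build below these on the same branch is affected.
FIXED_BUILDS = {
    ("standard", "13.0"): (92, 21),
    ("standard", "13.1"): (51, 15),
    ("standard", "14.1"): (12, 35),
    ("fips", "12.1"): (55, 302),
    ("fips", "13.1"): (37, 176),
    ("ndcpp", "12.1"): (55, 302),
}
# Standard 12.1 is End of Life and vulnerable with no fixed build to compare against.
EOL_BRANCHES = {("standard", "12.1")}

# Advisory notation: "13.1-51.15"
_DASH = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)")
# Assumed appliance output format (assumption, not from the article):
# "NetScaler NS13.1: Build 51.15.nc, Date: ..."
_SHOW = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, build_major, build_minor) from either notation, or None."""
    for pattern in (_DASH, _SHOW):
        match = pattern.search(text.strip())
        if match:
            return match.group(1), int(match.group(2)), int(match.group(3))
    return None


def assessment(version_text: str, edition: str = "standard") -> str:
    """Classify a NetScaler version string against the advisory's fixed builds.

    Returns "fixed", "vulnerable", "eol-vulnerable", or "unknown" (unparseable
    input or a branch the advisory does not list, which needs manual review).
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    branch, build_major, build_minor = parsed
    key = (edition, branch)
    if key in EOL_BRANCHES:
        return "eol-vulnerable"
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return "unknown"
    # Build numbers compare segment by segment, so 55.302 is newer than 55.30.
    return "fixed" if (build_major, build_minor) >= fixed else "vulnerable"
```

Feed it the version string from each appliance in your inventory; anything other than "fixed" needs attention, and "unknown" means the branch is outside the advisory's list and should be checked by hand.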

Citrix has recommended that customers immediately update to the latest supported versions, which address these vulnerabilities. “Exploits of these CVEs on unmitigated appliances have been observed,” Citrix said. “Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.” Citrix recently disclosed multiple other high-severity vulnerabilities in the same product lines.
