Citrix Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition and remote code execution on the targeted system.
Note:
CVE-2023-6548 and CVE-2023-6549 are being exploited in the wild.
For CVE-2023-6548, exploitation requires an authenticated (low-privileged) attacker with access to the NSIP, CLIP or SNIP with management interface access.
For CVE-2023-6549, the affected appliance must be configured as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server.
Hence, the risk level is rated as High.
[Updated on 2024-01-18]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
RISK: High Risk
TYPE: Operating Systems – Networks OS
Impact
- Remote Code Execution
- Denial of Service
System / Technologies affected
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
- Citrix Virtual Apps and Desktops before 2311
- Citrix Virtual Apps and Desktops 1912 LTSR before CU8 hotfix 19.12.8100.4
- Citrix Virtual Apps and Desktops 2203 LTSR before CU4
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
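The affected-version list above can be turned into a fleet triage check. The following is an added example, not vendor or advisory code; it covers only the NetScaler branches listed here (not Citrix Virtual Apps and Desktops), and the banner format `NS13.1: Build 49.15.nc`, the edition labels and the sample inventory are assumptions.

```python
import re

# Fixed builds per branch, copied from the advisory's affected-versions list.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}
# The advisory notes standard 12.1 is End Of Life and vulnerable at any build.
EOL = {("12.1", "standard")}

# Accepts "13.1-49.15" (advisory notation) or "NS13.1: Build 49.15.nc"
# (assumed appliance banner format).
_VERSION_RE = re.compile(r"(\d+\.\d+)\D+?(\d+)\.(\d+)")


def assess(version: str, edition: str = "standard") -> str:
    """Classify one appliance against the advisory's fixed builds."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch = m.group(1)
    # Compare builds as integer tuples: 37.99 is older than 37.176,
    # which a plain string comparison would get wrong.
    build = (int(m.group(2)), int(m.group(3)))
    key = (branch, edition.lower())
    if key in EOL:
        return "vulnerable-eol"
    fixed = FIXED.get(key)
    if fixed is None:
        return "unknown-branch"
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory):
    """Map each host in (host, version, edition) tuples to its status."""
    return {host: assess(ver, ed) for host, ver, ed in inventory}


# Constructed inventory for illustration: (host, version string, edition).
SAMPLE = [
    ("adc-01", "NS13.1: Build 49.15.nc", "standard"),
    ("adc-02", "14.1-12.35", "standard"),
    ("adc-03", "13.1-37.99", "fips"),
    ("adc-04", "12.1-65.35", "standard"),
]
```

The edition must be supplied from inventory data because the build number alone does not distinguish a FIPS or NDcPP image from a standard one; the check does not evaluate the configuration conditions noted for CVE-2023-6548 and CVE-2023-6549.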
Solutions
Before installing the software, please visit the software vendor's website for more details.
- The vendor has issued a fix:
  - NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
  - NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
  - NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
  - NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
  - NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
  - NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
  - Citrix Virtual Apps and Desktops 2311 and later
Vulnerability Identifier
Source
Related Link