Citrix recommends that ADC and Gateway customers apply a patch immediately because it fixes a bug that is currently being actively exploited by attackers.
Hackers are actively exploiting a zero-day vulnerability in Citrix NetScaler ADC and NetScaler Gateway (NetScaler has been back in the name since October of last year). The vulnerability is tracked as CVE-2023-3519 and is rated critical, with a severity score of 9.8. Attackers exploit the critical flaw along with two other vulnerabilities. This allows them to execute malicious code.
Patch
Citrix provides a patch that aims to close the zero-day vulnerabilities. Attacks are not hypothetical, so anyone with affected hardware should make updating an absolute priority. With the following versions you are on the safe side:
- NetScaler ADC and NetScaler Gateway 13.1-49.13 and newer
- NetScaler ADC and NetScaler Gateway 13.0-91.13 and later versions of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.159 and later versions of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-65.36 and later versions of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-65.36 and later versions of 12.1-NDcPP
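As an added example (not code from Citrix or from this article), the list above can be applied to an appliance inventory as follows. The `release-build` string format follows the list; the edition labels, host names and inventory are constructed for illustration, and a release that the list does not mention is reported as not listed rather than guessed.

```python
import re

# Minimum fixed builds, copied from the list above: (release, edition) -> build.
# The empty edition stands for the regular (non-FIPS, non-NDcPP) firmware.
FIXED = {
    ("13.1", ""): (49, 13),
    ("13.0", ""): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (65, 36),
    ("12.1", "NDcPP"): (65, 36),
}
_VERSION = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

def patch_status(version, edition=""):
    """Return 'patched', 'update-required' or 'not-listed' for one appliance."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, b1, b2 = (int(g) for g in m.groups())
    fixed = FIXED.get((f"{major}.{minor}", edition))
    if fixed is not None:
        # Builds are compared only inside their own release and edition:
        # 13.1-FIPS 37.159 is fixed although 37.159 is lower than 49.13.
        return "patched" if (b1, b2) >= fixed else "update-required"
    if edition == "" and (major, minor) > (13, 1):
        return "patched"  # covered by "13.1-49.13 and newer"
    return "not-listed"   # the list gives no fixed build for this line

def audit(inventory):
    """Map each host to its status, dropping hosts that are already patched."""
    result = {}
    for host, version, edition in inventory:
        status = patch_status(version, edition)
        if status != "patched":
            result[host] = status
    return result

# Constructed inventory, for illustration only.
INVENTORY = [
    ("adc-a", "13.1-49.13", ""),
    ("adc-b", "13.1-48.47", ""),
    ("adc-c", "13.1-37.159", "FIPS"),
    ("gw-d", "13.0-90.11", ""),
    ("adc-e", "12.1-65.35", ""),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(host, status)
```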
The zero-day vulnerability has been circulating in criminal circles for several weeks. Citrix was reportedly aware of this but decided not to make any communication until a feature patch was deployed to prevent mass abuse.
As usual, too many users will ignore the quick patch advice, so vulnerabilities will remain an interesting attack vector for hackers for some time to come. Now that the news is spreading around the world, the abuse will only increase.