
Citrix warns of actively exploited flaw in Netscaler products

  • January 17, 2024

Multiple versions of the Netscaler ADC and Gateway management interface are vulnerable to a newly discovered flaw that hackers are already exploiting.

Citrix encourages customers to immediately install the latest updates for Netscaler ADC and Gateway appliances. Two newly discovered vulnerabilities affect the management interface of these devices. Attackers can use the bugs to execute their own code or carry out a DDoS attack.

The two vulnerabilities are CVE-2023-6548, with a score of 5.5, which allows code execution, and CVE-2023-6549, with a score of 8.2, which allows DDoS attacks.

Not exploitable without preconditions

Attackers cannot exploit the flaws out of the box. They need access to an account with low privileges, as well as access to the NSIP, CLIP or SNIP with access to the management interface. Additionally, a device must be configured as a gateway or AAA virtual server to be vulnerable to DDoS attacks.

The following versions are vulnerable:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
  • NetScaler ADC 13.1-FIPS before 13.1-37.176
  • NetScaler ADC 12.1-FIPS before 12.1-55.302
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302

Citrix says it has already released patches. Administrators should install them as soon as possible because Citrix has already discovered attacks targeting the flaws.
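To triage an appliance inventory against the version list above, the following added example (not code from Citrix or IT Daily) classifies a build string per release branch. It assumes each list entry names the first fixed build of its branch; the edition labels `standard`, `fips` and `ndcpp`, the function names and the sample host names are constructed for this illustration.

```python
import re

# First fixed build per release branch, taken from the list above.
# Keys are (release, edition); edition labels are assumed for this example.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

_BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def classify(build: str, edition: str = "standard") -> str:
    """Return 'vulnerable', 'patched' or 'not-listed' for one appliance build.

    build   -- release-build string in the form used above, e.g. '13.1-51.15'
    edition -- 'standard', 'fips' or 'ndcpp'
    """
    m = _BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    release = m.group(1)
    found = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((release, edition.lower()))
    if fixed is None:
        return "not-listed"  # branch absent from the list; check the vendor bulletin
    # Compare as integer tuples: as strings, '9.5' would sort after '12.35'.
    return "vulnerable" if found < fixed else "patched"


def audit(inventory):
    """Map each (host, build, edition) row to its classification."""
    return {host: classify(build, edition) for host, build, edition in inventory}


if __name__ == "__main__":
    # Constructed inventory; host names and builds are sample values.
    sample = [
        ("adc-01.example.internal", "14.1-8.50", "standard"),
        ("adc-02.example.internal", "13.1-51.15", "standard"),
        ("adc-03.example.internal", "13.1-37.164", "fips"),
        ("adc-04.example.internal", "12.1-65.21", "standard"),
    ]
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

The edition has to be supplied separately because a 13.1-FIPS build number such as 13.1-37.176 is lower than the standard 13.1 fixed build and would otherwise be misclassified.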

Source: IT Daily
