Critical Security Alert: Urgent Patch Required for 15,000 Vulnerable Citrix Servers Across the Globe

Patch now! Over 15,000 Citrix servers vulnerable worldwide

Network admins using Citrix Gateway or NetScaler ADC should take immediate action to update their servers. A critical vulnerability has been discovered by Shadowserver security researchers, which attackers are already targeting with malicious code attacks. It has been found that more than 15,000 systems worldwide are still unpatched and therefore vulnerable, with the US leading the list with nearly 6,000 vulnerable instances, followed by Germany with 1,500 systems.

The security researchers were able to identify the vulnerable servers by scanning the Internet and categorizing all Citrix instances that returned a version hash as vulnerable. This conclusion was drawn because current secure versions no longer display the hash information. The vulnerability, known as CVE-2023-3519, poses a critical threat level. To successfully exploit this vulnerability, the gateway and NetScaler ADC must be configured as VPN Virtual Server, ICA Proxy, CVPN, RDP Proxy, or AAA Virtual Server. If this condition is met, remote malicious code attacks can be performed without authentication.
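As an added example (not from the article or from Citrix), the following Python sketch checks an exported appliance configuration for the virtual server types named above, so an admin can tell whether the precondition applies. It assumes the gateway modes are defined in `ns.conf` with `add vpn vserver` and AAA virtual servers with `add authentication vserver`; the sample configuration, names and addresses are constructed.

```python
import shlex

# Assumed mapping from ns.conf object type to the role named in the article:
# gateway modes (VPN, ICA Proxy, CVPN, RDP Proxy) are "vpn vserver" objects,
# AAA virtual servers are "authentication vserver" objects.
ROLE_BY_TYPE = {"vpn": "Gateway virtual server",
                "authentication": "AAA virtual server"}

# Constructed sample configuration (names and addresses are made up).
SAMPLE_NS_CONF = '''\
add lb vserver web_lb HTTP 192.0.2.10 80
add vpn vserver "gw external" SSL 192.0.2.20 443 -icaOnly ON
add vpn vserver gw_old SSL 192.0.2.21 443 -state DISABLED
add authentication vserver aaa_vs SSL 0.0.0.0
bind vpn vserver "gw external" -policy pol1
'''

def find_exposed_vservers(conf_text):
    """Return one record per Gateway or AAA virtual server defined in conf_text."""
    findings = []
    for line in conf_text.splitlines():
        try:
            tok = shlex.split(line)  # handles quoted names with spaces
        except ValueError:
            continue  # unbalanced quotes: skip the line rather than guess
        if len(tok) < 4 or tok[0] != "add" or tok[2] != "vserver":
            continue
        role = ROLE_BY_TYPE.get(tok[1])
        if role is None:
            continue  # lb, cs and other vserver types are not in the list
        # Collect "-option value" pairs, case-insensitively.
        opts = {tok[i].lower(): tok[i + 1]
                for i in range(4, len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-icaonly", "").upper() == "ON":
            role = "ICA Proxy (Gateway)"
        enabled = opts.get("-state", "ENABLED").upper() != "DISABLED"
        findings.append({"name": tok[3], "role": role, "enabled": enabled})
    return findings

def matches_precondition(conf_text):
    # Conservative: a disabled vserver still counts, since it can be re-enabled.
    return bool(find_exposed_vservers(conf_text))

if __name__ == "__main__":
    for f in find_exposed_vservers(SAMPLE_NS_CONF):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"{f['name']}: {f['role']} ({state})")
```

A match only means the appliance is in a configuration the advisory covers; whether it is still vulnerable depends on the installed build.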

This vulnerability is of great concern as attackers can potentially gain complete control over compromised systems. Citrix advises admins to update their servers immediately. The developers have released updates that address not only this vulnerability but also two additional gaps (CVE-2023-3466 “high” and CVE-2023-3467 “high”). It is crucial to apply these patches promptly.

The existence of this vulnerability has been known since mid-July, and security updates have been made available for download. Security researchers have provided guidance on how admins can check if their systems have already been attacked. In fact, reports indicate that an exploit for this vulnerability has been traded in an underground forum since early July 2023. Network admins must prioritize patching their servers to mitigate the ongoing threat.
