Citrix warns of new Netscaler 0day exploits

On Tuesday, Citrix urged customers to promptly patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.

The two zero-days (CVE-2023-6548 and CVE-2023-6549) affect the Netscaler administration interface, exposing unpatched Netscaler instances to remote code execution and denial-of-service attacks, respectively.

To get code execution, attackers must be logged in as low-privilege users on the targeted instance and have access to NSIP, CLIP, or SNIP with management interface access.

To be vulnerable to DoS attacks, the appliance must also be configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

According to the company, the zero-days exclusively affect customer-managed NetScaler appliances; Citrix-managed cloud services and Citrix-managed Adaptive Authentication are unaffected.

These two zero-day vulnerabilities affect the following Netscaler product versions:

NetScaler ADC and Gateway 14.1 before 14.1-12.35
NetScaler ADC and Gateway 13.1 before 13.1-51.15
NetScaler ADC and Gateway 13.0 before 13.0-92.21
NetScaler ADC 13.1-FIPS before 13.1-37.176
NetScaler ADC 12.1-FIPS before 12.1-55.302
NetScaler ADC 12.1-NDcPP before 12.1-55.302
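
As an added example (not Citrix tooling and not part of the original article), this Python check triages an appliance inventory against the fixed builds and exposure conditions listed above. The record fields (`edition`, `customer_managed`, `mgmt_reachable`, `gateway_or_aaa`) and the sample inventory are assumptions constructed for illustration.

```python
import re

# First fixed build per (release, edition), taken from the list on this page.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

def parse_version(text):
    """Split 'release-build' notation: '13.1-49.13' -> ('13.1', (49, 13))."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def assess(appliance):
    """Return patch status and which of the two CVEs' preconditions are met."""
    result = {"needs_patch": False, "exposed_to": []}
    if not appliance["customer_managed"]:
        return result  # Citrix-managed services are unaffected per the advisory
    release, build = parse_version(appliance["version"])
    fixed = FIXED.get((release, appliance.get("edition", "standard")))
    if fixed is None:
        result["needs_patch"] = None  # branch not on the page's list: review by hand
        return result
    if build >= fixed:  # numeric tuple compare, so 51.9 < 51.15 is handled correctly
        return result
    result["needs_patch"] = True
    if appliance["mgmt_reachable"]:   # NSIP/CLIP/SNIP with management access reachable
        result["exposed_to"].append("CVE-2023-6548")  # authenticated RCE
    if appliance["gateway_or_aaa"]:   # gateway or AAA virtual server configured
        result["exposed_to"].append("CVE-2023-6549")  # DoS
    return result

# Constructed sample inventory (hypothetical hosts and builds).
INVENTORY = [
    {"name": "adc-edge-1", "version": "13.1-49.13", "edition": "standard",
     "customer_managed": True, "mgmt_reachable": True, "gateway_or_aaa": True},
    {"name": "adc-fips-1", "version": "13.1-37.176", "edition": "fips",
     "customer_managed": True, "mgmt_reachable": False, "gateway_or_aaa": True},
]

if __name__ == "__main__":
    for item in INVENTORY:
        print(item["name"], assess(item))
```

Build 13.1-37.176 is fixed for the FIPS edition but would still be flagged on a standard 13.1 appliance, which is why the edition must be recorded alongside the version.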