Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild.
The flaws are listed below –
The following customer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the shortcomings –
“Exploits of these CVEs on unmitigated appliances have been observed,” Citrix said, without sharing any additional specifics. Users of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version that patches the flaws.
It’s also advised to not expose the management interface to the internet to reduce the risk of exploitation.
In recent months, multiple security vulnerabilities in Citrix appliances (CVE-2023-3519 and CVE-2023-4966) have been weaponized by threat actors to drop web shells and hijack existing authenticated sessions.
The disclosure comes as VMware alerted customers of a critical security vulnerability in Aria Automation (previously vRealize Automation) that could allow an authenticated attacker to gain unauthorized access to remote organizations and workflows.
The issue has been assigned the CVE identifier CVE-2023-34063 (CVSS score: 9.9), with the Broadcom-owned virtualization services provider describing it as a “missing access control” flaw.
Commonwealth Scientific and Industrial Research Organization’s (CSIRO) Scientific Computing Platforms team has been credited with discovering and reporting the security vulnerability.
The versions impacted by the vulnerability are provided below –
“The only supported upgrade path after applying the patch is to version 8.16,” VMware said. “If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching.”
The development also follows Atlassian’s release of patches for over two dozen vulnerabilities, including a critical remote code execution (RCE) flaw impacting Confluence Data Center and Confluence Server.
The vulnerability, CVE-2023-22527, has been assigned a CVSS score of 10.0, indicating maximum severity. It affects versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3. It’s worth noting that 7.19.x LTS versions are not affected by the vulnerability.
“A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version,” the Australian company said.
The issue has been addressed in versions 8.5.4, 8.5.5 (Confluence Data Center and Server), 8.6.0, 8.7.1, and 8.7.2 (Data Center only). Users who are on out-of-date instances are recommended to update their installations to the latest version available.