Critical Vulnerability in Citrix Application Delivery Controller (ADC) Exploited: Immediate Action Required

On July 18, 2023, Citrix disclosed a critical vulnerability affecting its NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. The vulnerability, tracked as CVE-2023-3519, is rated “critical” with a CVSS score of 9.8 and allows an unauthorized remote attacker to execute code on the affected system. Its root cause is the injection of untrusted data into a programming language or runtime environment, a weakness class commonly referred to as “Code Injection” (CWE-94).

Citrix’s published advisory indicates that attempts to exploit this vulnerability have already been observed. In light of these circumstances, the Federal Office for Information Security (BSI) strongly advises all affected customers using NetScaler ADC and NetScaler Gateway to promptly install the relevant updates.

The severity of this vulnerability underscores the necessity for immediate action to protect systems and data from potential compromise. Cybersecurity experts emphasize the significance of staying vigilant and proactive in maintaining the security posture of critical infrastructure and systems.

Organizations relying on Citrix’s products are urged to prioritize updating their systems with the latest patches to mitigate any potential risks associated with this critical security flaw. This incident serves as a reminder of the ever-evolving threat landscape, highlighting the importance of rapid response and collaboration between manufacturers and users to ensure digital security.

https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2023/2023-249164-1032.html

