• Home
  • |
  • Blog
  • |
  • How to Fix CVE-2023-3519- An Unauthenticated Remote Code Execution Vulnerability in Citrix Products?
How to Fix CVE-2023-3519- An Unauthenticated Remote Code Execution Vulnerability in Citrix Products

Citrix published a Security Bulletin on 19th July 2023 in which it disclosed 3 new vulnerabilities in Citrix ADC and Gateway Products. All three tracked under the identifiers CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467 are rated Critical and High in severity with CVSS scores of 9.8, 8.3, and 8 respectively. The exploitation of these vulnerabilities would allow adversaries to perform Code Injection, Remote Code Execution, Privilege Escalation to root, and Reflected Cross-Site Scripting attacks on vulnerable versions of NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway. It is highly recommended that organizations who use NetSclar/Citrix ADC and Gateway Products should patch all these vulnerabilities in Citrix ADC and Gateway Products. Without further due, let’s see how to fix CVE-2023-3519 (Unauthenticated Remote Code Execution Vulnerability in Citrix Products) with the other two vulnerabilities in this post.

A Short Note About Citrix ADC and Gateway Products

Citrix ADC (Application Delivery Controller) and Gateway are integral components of the Citrix networking portfolio, designed to streamline and enhance network performance, security, and manageability.

Citrix ADC is an industry-leading application delivery and load-balancing solution that enables IT departments to deliver applications securely and at high speed. It offers multiple capabilities such as load balancing, content switching, SSL offloading, application firewall, optimization, and connection multiplexing, to name a few. Citrix ADC is available in different form factors including hardware, virtual, and cloud-based instances to cater to diverse organizational needs. It supports a wide range of protocols and provides SSL VPN access to applications, making it a one-stop solution for application delivery.

On the other hand, Citrix Gateway is a robust networking solution designed to provide secure, remote access to applications and desktops. It provides a secure SSL VPN connection between users and applications, enabling organizations to control access on a granular level. Citrix Gateway works in tandem with Citrix Virtual Apps and Desktops, ensuring that remote and mobile workers have secure access to their enterprise resources. It offers advanced features like single sign-on, multi-factor authentication, and session policies which enhance the security and usability of the system.

Summary of CVE-2023-3519 With Other Two Vulnerabilities

As per the advisory released by Citrix, there are three vulnerabilities identified in Citrix ADC and Gateway Products. Out of the three vulnerabilities, one is critical, and the remaining two are high in severity. All three were tracked under the identifiers CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467 are rated Critical with CVSS scores of 9.8, 8.3, and 8.0 out of 10, respectively.

CVE IDDescriptionCVSS ScoreSeverity
CVE-2023-3519Unauthenticated remote code execution9.8Critical
CVE-2023-3466Reflected Cross-Site Scripting (XSS)8.3High
CVE-2023-3467Privilege Escalation to root administrator (nsroot)8.0High

CVE-2023-3519

This is a critical severity Unauthenticated remote code execution vulnerability in Citrix ADC and Citrix Gateway products. This flaw can only be exploited only if the appliances are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

See Also  Breaking Down the Latest April 2023 Monthly PSIRT Advisory Report From Fortinet

CVE-2023-3466

This is a High severity Reflected Cross-Site Scripting (XSS) vulnerability in Citrix ADC and Citrix Gateway products. The flaw is due to Improper Control of the Generation of Code (‘Code Injection’). Attackers could exploit the victim by tricking them to click on their controlled malicious link while being on a network with connectivity to the NSIP.

CVE-2023-3467

This is a High severity Privilege Escalation to root administrator (nsroot) vulnerability in Citrix ADC and Citrix Gateway products. The flaw is due to Improper Privilege Management. Prior authentication is required to exploit this vulnerability.

Citrix Products Affected by These Vulnerabilities

According to Wouter Rijkbost and Jorren Geurts, security researchers at Resillion, these products are vulnerable to these flaws.

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

How to Fix CVE-2023-3519- An Unauthenticated Remote Code Execution Vulnerability in Citrix Products?

Citrix has responded these vulnerabilities by releasing the patches. We recommend installing the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible. Please download the latest versions of Citrix ADC and Citrix Gateway to apply the patches.

Patched versions of Citrix ADC and Gateway Products are:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13  and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13  and later releases of 13.0  
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS  
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS  
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP 

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities. 

How To Upgrade Citrix ADC?

There are different ways to upgrade the Citrix ADC appliance. Please take a look at those here:

How To Upgrade Citirx ADC

How To Upgrade Citrix Gateway?

There are different ways to upgrade the Citrix Gateway appliance. Please take a look at those here:

How To Upgrade Citirx Gateway using upgrade wizard
How To Upgrade Citirx Gateway using command prompt

We hope this post helped you know how to fix CVE-2023-3519 (Unauthenticated Remote Code Execution Vulnerability in Citrix Products) with the other two vulnerabilities. Please share this post and help secure the digital world. Visit our website, thesecmaster.com, and our social media page on FacebookLinkedInTwitterTelegramTumblrMedium, and Instagram and subscribe to receive updates like this.  

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.