Unauthenticated Remote Code Execution Vulnerability Affects Cisco Firepower Products
Key Information
- Vendor
- Citrix
- Status
- NetScaler ADC
- NetScaler Gateway
- Vendor
- CVE Published:
- 19 July 2023
Badges
Summary
A remote code execution vulnerability (CVE-2023-3519) affecting Citrix NetScaler ADC and Gateway devices has been actively exploited in the wild. The flaw allows attackers to execute code remotely without authentication, posing a severe security risk with a CVSS score of 9.8. IBM X-Force has observed threat actors leveraging CVE-2023-3519 to conduct a credential harvesting campaign, inserting a malicious script into the HTML content of the authentication web page to capture user credentials. This has led to at least 600 unique victim IP addresses hosting modified NetScaler Gateway login pages. The attacks are opportunistic and widespread, targeting organizations across the U.S. and Europe. Citrix has released updated versions to address the vulnerability and advises customers to apply the patches immediately to protect against exploitation. Additionally, the article highlights the broader issue of critical vulnerabilities being actively targeted by threat actors, emphasizing the need for timely patching and security measures to mitigate the risk of advanced cyber threats.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-3519 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
NetScaler ADC < 49.13
NetScaler ADC < 91.13
NetScaler ADC < 37.159
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Cybersecurity Advisory: Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells | AHA
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC)...
5 days ago
Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance
In a co-authored advisory, the agencies list the top 15 most routinely exploited vulnerabilities of 2023, with CVE-2023-3519 — an issue affecting Citrix’s networking product NetScalers — being the most widely used.
1 week ago
cyfirma CVE-2023-3519Unveiling CVE-2023-3519 : Citrix ADC & Gateway Vulnerability Analysis - CYFIRMA
Published On : 2023-08-25 EXECUTIVE SUMMARY A critical unauthenticated remote code execution vulnerability, denoted as CVE- 2023-3519, has been exposed within the architecture of Citrix ADC and...
1 week ago
EPSS Score
96% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
First article discovered by Security Affairs
- 👾
Exploit exists.
Vulnerability published.
Vulnerability Reserved.