Security
Headlines
HeadlinesLatestCVEs

Headline

Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions -

NetScaler ADC and NetScaler Gateway 13.1

The Hacker News
#xss#vulnerability#web#wordpress#rce#auth#zero_day#The Hacker News

Vulnerability / Cyber Threat

Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild.

Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions -

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297, and
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

The company did not give further details on the flaw tied to CVE-2023-3519 other than to say that exploits for the flaw have been observed on “unmitigated appliances.” However, successful exploitation requires the device to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or authorization and accounting (AAA) virtual server.

Also addressed alongside CVE-2023-3519 are two other bugs -

  • CVE-2023-3466 (CVSS score: 8.3) - An improper input validation vulnerability resulting in a reflected cross-site scripting (XSS) attack
  • CVE-2023-3467 (CVSS score: 8.0) - An improper privilege management vulnerability results in privilege escalation to the root administrator (nsroot)

Wouter Rijkbost and Jorren Geurts of Resillion have been credited with reporting the bugs. Patches have been made available to address the three flaws in the below versions -

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS, and
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

Customers of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version to mitigate potential threats.

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We’ve got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

The development comes amid active exploitation of security flaws discovered in Adobe ColdFusion (CVE-2023-29298 and CVE-2023-38203) and the WooCommerce Payments WordPress plugin (CVE-2023-28121).

Leaving security flaws in WordPress plugins could open the door to complete compromise, enabling threat actors to repurpose the compromised WordPress sites for other malicious activities.

Last month, eSentire disclosed an attack campaign dubbed Nitrogen wherein infected WordPress sites have been used to host malicious ISO image files that, when launched, culminate in the deployment of rogue DLL files capable of contacting a remote server to fetch additional payloads, including Python scripts and Cobalt Strike.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user

Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could

CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited

Citrix NetScalers backdoored in widespread exploitation campaign

Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: NetScalers Tags: Germany Tags: CVE-2023-3519 Tags: Fox-IT Tags: DIVD Researchers have found almost 2000 backdoored Citrix NetScalers, many of which were patched after the backdoor in the form of a web shell was dropped. (Read more...) The post Citrix NetScalers backdoored in widespread exploitation campaign appeared first on Malwarebytes Labs.

Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday. "The adversary can

Citrix ADC (NetScaler) Remote Code Execution

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.

Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack

Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution. The flaw, patched by Citrix last month, carries a CVSS score of 9.8. The

Apple iOS, Google Android Patch Zero-Days in July Security Updates

Plus: Mozilla fixes two high-severity bugs in Firefox, Citrix fixes a flaw that was used to attack a US-based critical infrastructure organization, and Oracle patches over 500 vulnerabilities.

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: NetScaler Tags: CVE-2023-3519 Tags: web shell A critical unauthenticated remote code execution vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway is being actively exploited (Read more...) The post CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519 appeared first on Malwarebytes Labs.

Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical

CVE-2023-38203: Adobe Security Bulletin

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild. The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions: ColdFusion 2023 (Update

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an

CVE-2023-29298: Adobe Security Bulletin

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.

CVE-2023-28121: Critical Vulnerability Patched in WooCommerce Payments – What You Need to Know

An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.