In today’s SensCy Cyber Alert, your SensCy team recommends Citrix users to apply security patches for three “Critical” vulnerabilities in Citrix ADC and Gateway that is currently exploited by hackers. Citrix ADC and Citrix Gateway are now referred to as NetScaler ADC and NetScaler Gateway.
The most severe vulnerability can be tracked as CVE-2023-3519 and allows an unauthenticated individual to execute commands remotely on vulnerable devices and take control over them without authentication.
The vulnerability impacts the following versions of Citrix ADC and Citrix Gateway:
NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS 12.1-65.36 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP 12.1-65.36 and later releases of 12.1-NDcPP
Please note that NetScaler ADC and NetScaler Gateway version 12.1 have reached end-of-life and will not receive software updates, it is recommended that you upgrade to newer versions of the product.
If you have any questions, please contact your Cyber Advocate.