Citrix has issued a security advisory regarding two publicly exploited zero-day vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (previously Citrix Gateway).
The vulnerabilities are as follows:
- CVE-2023-6548 (CVSS score: 5.5) – Authenticated, low-privileged remote code execution on the Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access)
- A second vulnerability (CVSS score: 8.2) – Denial of service (requires the appliance to be configured as a Gateway or as an AAA (authentication, authorization, and accounting) virtual server)
The following customer-managed versions of NetScaler ADC and NetScaler Gateway are affected:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC and NetScaler Gateway 12.1 (no longer supported)
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS and NetScaler ADC 12.1-NDcPP before 12.1-55.302
Citrix stated, “Exploits of these CVEs on unmitigated appliances have been observed,” but did not include any further details. Users are advised to update their NetScaler ADC and NetScaler Gateway appliances to a supported version that fixes the vulnerabilities; version 12.1 is no longer supported and receives no fix.
To further lessen the possibility of exploitation, it is recommended that the management interface not be exposed to the internet.
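A small triage helper, added here as an example (not from Citrix or the advisory), that checks an appliance build against the fixed builds listed above. It assumes builds are written as `major.minor-build.patch` (for example `13.1-48.47`) or as the `NS13.1: Build 48.47.nc` form shown by `show version`, and that the FIPS/NDcPP variant is supplied separately, since the platform type is not encoded in the build number.

```python
import re
from typing import Optional, Tuple

# First fixed build per release train, taken from the advisory summarised above.
# Key: (major, minor, variant); value: (build, patch), or None when the train is end-of-life.
FIXED_BUILDS = {
    (14, 1, ""): (12, 35),
    (13, 1, ""): (51, 15),
    (13, 0, ""): (92, 21),
    (12, 1, ""): None,          # 12.1 is no longer supported: no fixed build exists
    (13, 1, "FIPS"): (37, 176),
    (12, 1, "FIPS"): (55, 302),
    (12, 1, "NDCPP"): (55, 302),
}

# Matches "13.1-48.47" as well as "NetScaler NS13.1: Build 48.47.nc, ..." (assumed format).
_VERSION_RE = re.compile(r"(?:NS)?(\d+)\.(\d+)[-: ]+(?:Build )?(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Extract (major, minor, build, patch) from a NetScaler version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def assess(text: str, variant: str = "") -> str:
    """Classify one appliance build as 'affected', 'fixed', 'end-of-life' or 'unknown'."""
    major, minor, build, patch = parse_version(text)
    key = (major, minor, variant.upper())
    if key not in FIXED_BUILDS:
        return "unknown"           # a train the advisory does not list
    fixed: Optional[Tuple[int, int]] = FIXED_BUILDS[key]
    if fixed is None:
        return "end-of-life"       # only remediation is to move to a supported train
    return "fixed" if (build, patch) >= fixed else "affected"


if __name__ == "__main__":
    # Constructed sample inventory, not real appliances.
    for label, variant in [("NetScaler NS13.1: Build 48.47.nc, Date: Jan 1 2024", ""),
                           ("14.1-12.35", ""), ("12.1-55.291", "FIPS"), ("12.1-65.25", "")]:
        print(f"{label:55} {variant or '-':6} -> {assess(label, variant)}")
```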
Attackers have weaponized two earlier Citrix security flaws (CVE-2023-3519 and CVE-2023-4966) over the past few months to hijack authenticated sessions and drop web shells.
Important Aria Automation Vulnerability Patched by VMware
VMware has warned its customers of a serious security hole in Aria Automation (formerly vRealize Automation) that could let an authenticated attacker gain unauthorized access to remote organizations and workflows.
The vulnerability, which the Broadcom-owned company describes as a case of missing access control, has been assigned the CVE identifier CVE-2023-34063 (CVSS score: 9.9).
The flaw was discovered and reported by the Scientific Computing Platforms team at the Commonwealth Scientific and Industrial Research Organisation (CSIRO).
The following versions are affected by the vulnerability:
- VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x)
- VMware Cloud Foundation (4.x and 5.x)
“The only supported upgrade path after applying the patch is to version 8.16,” claimed VMware. “If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching.”
Critical Code Execution Bug Revealed by Atlassian
The development comes as Atlassian released fixes for more than twenty vulnerabilities, including a critical remote code execution (RCE) vulnerability affecting Confluence Data Center and Confluence Server.
The vulnerability, tracked as CVE-2023-22527, carries a CVSS score of 10.0. It impacts versions ranging from 8.0.x to 8.5.3, as well as versions 8.1.5 to 8.3.x; 7.19.x LTS versions are not affected.
“A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version,” the Australian company said.
Versions 8.5.4, 8.5.5, 8.6.0, 8.7.1, and 8.7.2 (Data Center only) of Confluence have fixes for this issue. It is advised that users who are on outdated instances update their installations to the most recent version that is available.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.