Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Explore

SECTIONS

MORE

search button

ACSC issues critical alert on Citrix network firmware vulnerability

The Australian Cyber Security Centre (ACSC) has issued a critical alert after detecting a vulnerability in networking firmware commonly used on Australian networks.

user icon Daniel Croft
Wed, 19 Jul 2023 Tech
ACSC issues critical alert on Citrix network firmware vulnerability
expand image

The ACSC said that vulnerability CVE-2023-3519 had been found affecting the Citrix NetScaler ADC and NetScaler Gateway.

“The ACSC has assessed that there is significant exposure to this Citrix NetScaler ADC and NetScaler Gateway vulnerability in Australia and that any future exploitation would have significant impact to Australian systems and networks.”

Citrix, the company behind the NetScaler family of firmware, has said that exploits of the vulnerability have been found in the wild.

============
============

The detected vulnerability is the most severe of three detected vulnerabilities, according to Citrix via Rapid7.

A statement on the Rapid7 blog said that CVE-2023-3519 allows for “unauthenticated remote code execution – NOTE that the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server”.

Rapid7 added: “This product line is a popular target for attackers of all skill levels, and we expect that exploitation will increase quickly.”

The ACSC has said that customers of NetScaler ADC and NetScaler Gateway are highly recommended to install the latest version of both programs and that organisations should remain alert for future Citrix patches.

The other two patches detected in the Citrix NetScaler ADC and NetScaler Gateway are CVE-2023-3466 and CVE-2023-3467, both of which are considered much lower risk than CVE-2023-3519.

Cyber Daily logo
VIEW ALL

According to Rapid7, CVE-2023-3466 is a reflected XSS vulnerability, which requires the “victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NetScaler IP (NSIP)” for successful exploitation.

CVE-2023-3467 “allows for privilege escalation to root administrator (nsroot)”.

The full critical alert can be found on the ACSC website.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

Copyright © 2007-2024 MOMENTUMMEDIA
Copyright & DisclaimersPrivacy PolicyTerms & Conditions
momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA