{"id":174259607,"date":"2024-01-16T17:37:01","date_gmt":"2024-01-16T17:37:01","guid":{"rendered":"https:\/\/www.netscaler.com\/blog\/?p=174259607"},"modified":"2024-06-28T09:34:02","modified_gmt":"2024-06-28T17:34:02","slug":"high-severity-updates-are-available-for-netscaler-adc-and-netscaler-gateway","status":"publish","type":"post","link":"https:\/\/www.netscaler.com\/blog\/news\/high-severity-updates-are-available-for-netscaler-adc-and-netscaler-gateway\/","title":{"rendered":"High-severity updates are available for NetScaler ADC and NetScaler Gateway"},"content":{"rendered":"\n

On January 16, 2024, Cloud Software Group released builds to fix CVE-2023-6548 and CVE-2023-6549, which affect NetScaler ADC and NetScaler Gateway. <\/p>\n\n\n\n

You can find more details in the security bulletin<\/a>.<\/p>\n\n\n\n

These issues only apply to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not impacted. <\/p>\n\n\n\n

We are aware of a limited number of exploits of each vulnerability in the wild. The vulnerabilities carry CVSSv3 scores of 5.5 and 8.2, respectively. We recommend immediate application of fixes \u2014 especially under certain circumstances as outlined below.<\/p>\n\n\n\n

CVE-2023-6548<\/h2>\n\n\n\n

Successful exploitation of this issue could lead to remote code execution (RCE) through the management interface.<\/p>\n\n\n\n

If you are using affected builds and have NetScaler ADC or the NetScaler Gateway management IP on the public internet, we strongly recommend that you immediately<\/em> install the recommended builds<\/a>. Please note that our standard configuration guidance is that you should not<\/em> expose the management interface to the public internet. Rather, you should keep the NetScaler management IP on a private network.<\/p>\n\n\n\n

Specifically, we recommend removing NetScaler management IP from public internet access and restricting access to NetScaler-IP, cluster-IP, and subnet-IP with management interface access from known internal host systems only. This is also a recommended best practice in the NetScaler secure configuration and deployment guide<\/a>. <\/p>\n\n\n\n

We discovered this vulnerability as a result of a customer report.<\/p>\n\n\n\n

CVE-2023-6549<\/h2>\n\n\n\n

Successful exploitation of this issue could lead to a denial of service attack. <\/p>\n\n\n\n

If you are using affected builds and have configured NetScaler ADC as a gateway (VPN virtual server, ICA proxy, CVPN, or RDP proxy) or as an AAA\u202fvirtual\u202fserver, we recommend that you immediately<\/em> install the recommended builds<\/a> because this vulnerability has been identified as high severity. <\/p>\n\n\n\n

NetScaler ADC and NetScaler Gateway appliances that are not <\/em>configured as a gateway (VPN virtual server, ICA proxy, CVPN, or RDP proxy) or as an <\/em>AAA virtual\u202fserver (traditional load balancing configurations, for example) and NetScaler Console (formerly called NetScaler Application Delivery Management) are not<\/em> affected by CVE-2023-6549.<\/p>\n\n\n\n

There are no mitigations or workarounds available for CVE-2023-6549.<\/p>\n\n\n\n

We discovered this vulnerability internally, and a customer subsequently reported an exploit.  <\/p>\n\n\n\n

In both this communication and the related security bulletin<\/a>, please understand that we are sharing only select technical details. We recognize that this can be challenging for NetScaler customers, but we are very careful about disclosing any additional information because the details could aid malicious actors in the exploit.<\/p>\n\n\n\n

Update installation<\/h2>\n\n\n\n

Permanent fixes are available to download for NetScaler ADC and NetScaler Gateway:<\/p>\n\n\n\n