Security

Mitigation Instructions for CVE-2023-6548

Written by CyRisk Vulnerability Management Team | Feb 23, 2024 9:42:36 PM

SUBJECT: Critical RCE Vulnerability (CVE-2023-6548) in Citrix NetScaler ADC & Gateway - Immediate Update Required

TECH STACK: Citrix NetScaler ADC and NetScaler Gateway versions 12.1 through 14.1 (excluding 12.1-55.302 and 13.1-37.176)

DATE(S) ISSUED: 01/17/2024

NVD Last Modified: 01/25/2024

CRITICALITY: HIGH (Base Score 8.8)

OVERVIEW: 

A critical remote code execution (RCE) vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway due to improper control of code generation (code injection). This vulnerability allows attackers with authenticated access to NSIP, CLIP, or SNIP with the management interface to execute arbitrary code on the affected device. This vulnerability is actively exploited in the wild, posing a significant risk to organizations using vulnerable versions.

SOLUTION/MITIGATION: 

  1. Upgrade Immediately: The most effective mitigation is to upgrade to a patched version of Citrix NetScaler ADC or NetScaler Gateway as soon as possible.
  • For NetScaler ADC, upgrade to version 13.1-51.15 or later.
  • For NetScaler Gateway, upgrade to version 13.1-37.176 or later.
  1. Workarounds (if upgrading is not immediately possible):
  • Restrict access to the management interface: If patching is not possible immediately, restrict access to the management interface only to authorized personnel and trusted networks. Consider implementing multi-factor authentication (MFA) for additional security.
  • Disable unnecessary functionality: Disable any unused or unnecessary features and functionality on the NetScaler device, especially those related to the management interface.

Additional mitigation steps:

  • Change default credentials: Change any default administrative credentials on the NetScaler device.
  • Enable logging and monitoring: Enable comprehensive logging and monitoring on the NetScaler device to detect suspicious activity.
  • Scan for and remove malware: Scan the NetScaler device for any potential malware or backdoors that may have been installed by attackers.

Confirmation & Additional Information:

  • Verify that the mitigation steps have been successfully implemented by checking the installed version of the NetScaler software and confirming any access restrictions or disabled features.
  • Refer to the following resources for additional information and details:
  • Citrix Security Bulletin

REFERENCES: