SUBJECT: Critical DoS Vulnerability (CVE-2023-6549) in Citrix NetScaler ADC & Gateway - Immediate Update Required
TECH STACK: Citrix NetScaler ADC and NetScaler Gateway versions 12.1 through 14.1 (excluding 12.1-55.302 and 13.1-37.176)
DATE(S) ISSUED: 01/17/2024
NVD Last Modified: 01/24/2024
CRITICALITY: HIGH (Base Score 7.5)
OVERVIEW:
A critical denial-of-service (DoS) vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway due to improper restriction of operations within a memory buffer. This vulnerability allows unauthenticated attackers to crash affected devices, potentially causing service outages and disruption. This vulnerability is actively exploited in the wild, posing a significant risk to organizations using vulnerable versions.
SOLUTION/MITIGATION:
- Upgrade Immediately: The most effective mitigation is to upgrade to a patched version of Citrix NetScaler ADC or NetScaler Gateway as soon as possible.
- For NetScaler ADC, upgrade to version 13.1-51.15 or later.
- For NetScaler Gateway, upgrade to version 13.1-37.176 or later.
- Workarounds (if upgrading is not immediately possible):
- Restrict access to vulnerable services: If patching is not possible immediately, consider restricting access to vulnerable services on the NetScaler device. This may involve blocking external access to specific ports or implementing network segmentation.
- Enable additional security measures: Implement additional security measures such as rate limiting and intrusion detection/prevention systems (IDS/IPS) to help mitigate potential DoS attacks.
- Additional mitigation steps:
- Monitor for suspicious activity: Monitor the NetScaler device for any signs of suspicious activity, such as increased network traffic or unusual resource consumption.
- Scan for and remove malware: Scan the NetScaler device for any potential malware that may have been installed by attackers.
Confirmation & Additional Information:
- Verify that the mitigation steps have been successfully implemented by checking the installed version of the NetScaler software and confirming any access restrictions or additional security measures.
- Refer to the following resources for additional information and details:
- Citrix Security Bulletin
REFERENCES:
