Security

Mitigation Instructions for CVE-2023-6549

Written by CyRisk Vulnerability Management Team | Feb 23, 2024 9:42:57 PM

SUBJECT: Critical DoS Vulnerability (CVE-2023-6549) in Citrix NetScaler ADC & Gateway - Immediate Update Required

TECH STACK: Citrix NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35, 13.1 before 13.1-51.15 and 13.0 before 13.0-92.21; NetScaler ADC 13.1-FIPS before 13.1-37.176; NetScaler ADC 12.1-FIPS and 12.1-NDcPP before 12.1-55.302. NetScaler ADC and NetScaler Gateway 12.1 (non-FIPS/NDcPP) is end of life and receives no fix. Only appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server are exposed.

DATE(S) ISSUED: 01/17/2024

NVD Last Modified: 01/24/2024

CRITICALITY: HIGH (Base Score 7.5)

OVERVIEW: 

A denial-of-service (DoS) vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway, caused by improper restriction of operations within the bounds of a memory buffer (CWE-119). An unauthenticated, remote attacker who can reach an appliance configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server can crash it, causing an outage for every user and application behind it. Citrix reports that exploitation of unmitigated appliances has been observed in the wild, and CISA has added the CVE to its Known Exploited Vulnerabilities catalog, so unpatched appliances are at significant risk.

SOLUTION/MITIGATION: 

  1. Upgrade immediately: the only complete fix is to install a build at or above the fixed build for your release train. The fixed builds are the same for NetScaler ADC and NetScaler Gateway:
  • 14.1: upgrade to 14.1-12.35 or later.
  • 13.1: upgrade to 13.1-51.15 or later.
  • 13.0: upgrade to 13.0-92.21 or later.
  • 13.1-FIPS: upgrade to 13.1-37.176 or later.
  • 12.1-FIPS and 12.1-NDcPP: upgrade to 12.1-55.302 or later.
  • 12.1 (non-FIPS/NDcPP) is end of life and has no fixed build; migrate to a supported release.
  2. Workarounds (if upgrading is not immediately possible): the Citrix bulletin provides no configuration workaround for this CVE, so the measures below reduce exposure but do not remove it.
  • Restrict access to the vulnerable virtual servers: the vulnerable code path is reached through the Gateway and AAA virtual servers, so limit which sources can reach those VIPs (source allowlists, upstream filtering, network segmentation). Restricting only the management (NSIP) interface does not mitigate this CVE.
  • Put DoS controls in front of the appliance: rate limiting and IDS/IPS upstream of the NetScaler can reduce the impact of an attack, but cannot be relied on to stop crafted traffic that does reach the appliance.
  3. Additional mitigation steps:
  • Monitor for suspicious activity: watch the appliance for unexpected restarts or crashes, spikes in traffic to the Gateway and AAA virtual servers, and unusual CPU or memory consumption, and alert on them.
  • Check the appliance for compromise: an appliance that was reachable while unpatched should be reviewed for unexpected files, accounts or configuration changes, and any malware found should be removed.

Confirmation & Additional Information:

  • Confirm the upgrade by checking the installed build (the "show ns version" command on the NetScaler CLI, or the nsversion object from the NITRO API) against the fixed build for your release train, and confirm that any access restrictions or upstream DoS controls are in place and working.
  • Refer to the following resources for additional information and details:
  • Citrix Security Bulletin CTX584986
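The upgrade step and the confirmation step above both come down to one comparison: is the installed build at or above the fixed build for its release train? The following script is an added example (not Citrix's or CyRisk's code) that performs that comparison on the output of "show ns version" or on the version string returned by the NITRO nsversion object. It assumes the banner format "NetScaler NS13.1: Build 49.15.nc, ...", which is what current NetScaler releases print; the FIPS/NDcPP variant must be passed explicitly, because a 13.1-37.x build number alone does not tell a FIPS appliance apart from a standard one. The table of fixed builds is taken from the bulletin, and the sample banners in the usage line are constructed.

```python
"""Check a NetScaler ADC / Gateway version banner against the builds that fix
CVE-2023-6549, as listed in Citrix bulletin CTX584986.

Added example, not Citrix's or CyRisk's code.  Feed it the output of
`show ns version` from the NetScaler CLI, or the `version` field of the
nsversion object from the NITRO API (GET /nitro/v1/config/nsversion).
"""
import re
import sys

# Fixed builds per release train and variant, from CTX584986.  A build at or
# above the fixed build is patched; anything below it is vulnerable.
# Version banners look like "NetScaler NS13.1: Build 49.15.nc, Date: ...".
FIXED_BUILDS = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
    # ("12.1", "standard") is deliberately absent: that train is end of life
    # and received no fix, so the only remediation is migrating off it.
}

BANNER_RE = re.compile(r"NetScaler\s+NS(\d+\.\d+):\s+Build\s+(\d+)\.(\d+)")


def parse_banner(banner):
    """Return (release, (major_build, minor_build)) from a version banner.

    Raises ValueError if the text contains no NetScaler version line, so a
    failed SSH/NITRO call is never silently reported as 'patched'.
    """
    m = BANNER_RE.search(banner)
    if m is None:
        raise ValueError("no NetScaler version line found in: %r" % banner)
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_vulnerable(banner, variant="standard"):
    """True if the build is below the fixed build for its train, False if it
    is at or above it, None if no fixed build exists for that train/variant
    (end-of-life train, or a release this table does not know about)."""
    release, build = parse_banner(banner)
    fixed = FIXED_BUILDS.get((release, variant))
    if fixed is None:
        return None
    return build < fixed  # tuple comparison: (49, 15) < (51, 15)


def assess(banner, variant="standard"):
    """One-line verdict suitable for a ticket or a scanner finding."""
    release, build = parse_banner(banner)
    state = is_vulnerable(banner, variant)
    shown = "%s-%d.%d (%s)" % (release, build[0], build[1], variant)
    if state is None:
        return "%s: no fixed build on this train; upgrade to a supported release" % shown
    if state:
        fixed = FIXED_BUILDS[(release, variant)]
        return "%s: VULNERABLE, upgrade to %s-%d.%d or later" % (
            shown, release, fixed[0], fixed[1])
    return "%s: patched" % shown


if __name__ == "__main__":
    # Usage (constructed example host):
    #   ssh nsroot@192.0.2.10 'show ns version' | python3 ns_version_check.py [standard|fips|ndcpp]
    variant = sys.argv[1] if len(sys.argv) > 1 else "standard"
    print(assess(sys.stdin.read(), variant))
```

Run it against every appliance in the fleet, not only the ones you remember being Gateways: the verdict is by build, and an appliance that is "only" an ADC today can be turned into a Gateway or AAA virtual server by a single configuration change.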

REFERENCES: