More than 15,000 Citrix servers worldwide are at risk of being compromised unless administrators urgently patch them, a leading security nonprofit has warned.
The Shadowserver Foundation, which trawls the internet for data about malicious activity, revealed in a Twitter post on Friday that the US (5700) had the most affected servers, followed by Germany (1500), the UK (1000) and Australia (582).
“This rating is version-based, which means we tag all IPs for which we see a version hash in our Citrix instance.
“Therefore, it is our view that all instances that provide a version hash have not been updated and will remain vulnerable unless mitigations are in place. Additionally, we have also added instances tagged as vulnerable that return a ‘Last Modified’ header dated before 00:00:00Z on July 1, 2023. Please be sure to update.”
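The two signals Shadowserver describes can be applied to an inventory of your own appliances. The following is an added example, not Shadowserver's or Citrix's code: the record layout, the `version_hash` field name and the host names are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cutoff quoted in the Shadowserver statement: 00:00:00Z on July 1, 2023.
CUTOFF = datetime(2023, 7, 1, tzinfo=timezone.utc)

def last_modified_utc(headers):
    """Return the Last-Modified header as an aware UTC datetime, or None."""
    for name, value in headers.items():
        if name.lower() != "last-modified":
            continue
        try:
            dt = parsedate_to_datetime(value)
        except (TypeError, ValueError):   # malformed date string
            return None
        if dt.tzinfo is None:             # "-0000" parses as naive; treat as UTC
            dt = dt.replace(tzinfo=timezone.utc)
        return dt.astimezone(timezone.utc)
    return None

def flag_reasons(record):
    """List which of the two described signals a record matches.

    An empty list means the heuristic has no signal for this host,
    not that the host is patched.
    """
    reasons = []
    if record.get("version_hash"):        # hypothetical field set by your own scan
        reasons.append("version hash exposed")
    lm = last_modified_utc(record.get("headers", {}))
    if lm is not None and lm < CUTOFF:
        reasons.append("Last-Modified before cutoff: " + lm.isoformat())
    return reasons

# Constructed sample inventory (hosts, hash and headers are illustrative only).
SAMPLE = [
    {"host": "adc-01.example.net", "version_hash": "constructed-hash", "headers": {}},
    {"host": "adc-02.example.net",
     "headers": {"Last-Modified": "Fri, 30 Jun 2023 23:59:59 GMT"}},
    {"host": "adc-03.example.net",
     "headers": {"last-modified": "Sat, 01 Jul 2023 01:30:00 +0200"}},
    {"host": "adc-04.example.net",
     "headers": {"Last-Modified": "Sat, 01 Jul 2023 00:00:00 GMT"}},
    {"host": "adc-05.example.net", "headers": {"Last-Modified": "not a date"}},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["host"], flag_reasons(rec) or "no signal from this heuristic")
```

The third record shows why the header is normalised to UTC before comparison: its local date reads July 1, but it falls before the cutoff.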
Citrix posted an advisory regarding this vulnerability (CVE-2023-3519) and two others on July 18th. The unauthenticated remote code execution bug has a CVSS score of 9.8, marking it as critical.
The vulnerability affects NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) and emerged as a zero-day in early July after being advertised online by threat actors.
“Exploitation of CVE-2023-3519 has been observed on unmitigated appliances,” Citrix warned. “The Cloud Software Group strongly recommends that affected customers of NetScaler ADC and NetScaler Gateway install the relevant updated versions as soon as possible.”
The two other vulnerabilities in the advisory are CVE-2023-3466, a reflected cross-site scripting bug, and CVE-2023-3467, which allows privilege escalation to root administrator.