Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

July 21, 2023 | THN | Vulnerability / Cyber Threat

Citrix NetScaler ADC and Gateway

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday that a newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices was exploited to drop web shells on vulnerable systems.

“In June 2023, threat actors exploited this vulnerability as a zero-day, dropping a webshell on a NetScaler ADC appliance in a non-production environment of a critical infrastructure organization,” the agency said.

“The web shell allowed the attacker to perform detection on the victim’s Active Directory (AD) and collect and extract AD data. The attacker attempted to move laterally to a domain controller but was blocked from moving by the appliance’s network segmentation controls.”

The flaw in question is CVE-2023-3519 (CVSS score: 9.8), a code injection bug that can lead to unauthenticated remote code execution. Citrix released a patch for the issue earlier this week and warned of active exploitation in the wild.

The appliance must be configured as a gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or Authentication, Authorization and Auditing (AAA) virtual server for exploitation to succeed.
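The configuration precondition above can be checked offline against an exported `ns.conf`. The following is an added example, not code from CISA, Citrix or the original article; it assumes the `add vpn vserver` and `add authentication vserver` command forms used in `ns.conf`, and the sample configuration, names and addresses are constructed.

```python
import shlex

# ns.conf command prefixes that create the roles named above
# (assumed syntax: "add vpn vserver ..." / "add authentication vserver ...").
ROLE_BY_PREFIX = {
    ("add", "vpn", "vserver"): "gateway",
    ("add", "authentication", "vserver"): "aaa",
}

# Constructed sample, not taken from a real appliance.
SAMPLE_NS_CONF = '''
# constructed sample configuration
add lb vserver web_lb HTTP 192.0.2.10 80
add vpn vserver "Remote Access GW" SSL 192.0.2.20 443 -icaOnly ON
add authentication vserver aaa_vs SSL 0.0.0.0 0
bind vpn vserver "Remote Access GW" -policy pol1
'''

def find_exposed_roles(conf_text):
    """List gateway and AAA virtual servers defined in an ns.conf export."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # names containing spaces are quoted
        except ValueError:
            continue                    # unbalanced quotes: skip, do not guess
        role = ROLE_BY_PREFIX.get(tuple(t.lower() for t in tokens[:3]))
        if role is None or len(tokens) < 5:
            continue
        # Positional arguments (IP, port) run until the first "-option".
        positional = []
        for tok in tokens[5:]:
            if tok.startswith("-"):
                break
            positional.append(tok)
        findings.append({
            "line": lineno, "role": role,
            "name": tokens[3], "protocol": tokens[4],
            "ip": positional[0] if positional else None,
            "port": positional[1] if len(positional) > 1 else None,
        })
    return findings

def needs_patch_priority(conf_text):
    """True when the config defines any gateway or AAA virtual server."""
    return bool(find_exposed_roles(conf_text))
```

A non-empty result means the appliance matches the configuration described above and should be treated as a priority for the Citrix update.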

CISA did not name the organizations affected by the incident. The attackers and the country behind them are currently unknown.

In the incident analyzed by CISA, the web shell reportedly enabled the collection of NetScaler configuration files, NetScaler decryption keys, and AD information, after which the data was sent as a PNG image file (“medialogininit.png”).

The attackers then attempted to move laterally within the network, identify accessible targets, and execute commands to verify outbound network connectivity, but were thwarted by robust network segmentation practices, officials said, adding that the attackers also tried to remove artifacts to cover their tracks.

Vulnerabilities in gateway products such as NetScaler ADC and NetScaler Gateway have become popular targets for attackers seeking privileged access to target networks. Therefore, it is imperative that users apply the latest fixes promptly to protect against potential threats.
