CVE-2023-6548, CVE-2023-6549: Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway | allinfosecnews.com

Jan. 17, 2024, 12:19 a.m. | Satnam Narang, Scott Caveza

Cyber Exposure Alerts www.tenable.com

Two zero-day vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have been exploited in the wild. Urgent patching is required to address these flaws.

Background

On January 16, Citrix published an advisory for two new zero-day vulnerabilities in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances:

CVE	Description	Severity
CVE-2023-6548	Citrix NetScaler ADC and Gateway Authenticated Remote Code Execution (RCE) Vulnerability	Medium
CVE-2023-6549	Citrix NetScaler ADC and Gateway Denial of Service Vulnerability	High

According to Citrix, these flaws …

adc address advisory application application delivery application delivery controller citrix citrix netscaler citrix netscaler adc controller cve delivery exploited flaws gateway january netscaler netscaler adc netscaler gateway patching urgent vulnerabilities zero-day zero-day vulnerabilities

More from www.tenable.com / Cyber Exposure Alerts

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 4 days, 7 hours ago | www.tenable.com

addresses critical critical vulnerability cve +15

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities 1 week, 2 days ago | www.tenable.com

big big-ip big-ip next central manager centralized management +18

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 3 weeks, 2 days ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 3 weeks, 4 days ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 1 month ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 1 month ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 1 month, 1 week ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month, 2 weeks ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 2 months ago | www.tenable.com

address advisory arbitrary code attacker +20

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Consultant Sécurité SI Gouvernance - Risques - Conformité H/F - Strasbourg

@ Hifield | Strasbourg, France

View on infosec-jobs.com

Lead Security Specialist

@ KBR, Inc. | USA, Dallas, 8121 Lemmon Ave, Suite 550, Texas

View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com