Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)

Citrix has patched three vulnerabilities in NetScaler ADC and NetScaler Gateway, one of which is a zero-day being exploited by attackers.
In early 2022, the company reported the exploitation of an RCE vulnerability in its Citrix ADC deployments by a Chinese state-sponsored group.
Earlier this year, ransomware threat actors also exploited an auth bypass flaw on Citrix ADC and Gateway.
NetScaler ADC and NetScaler Gateway version 12.1 have reached end-of-life, meaning they are now vulnerable and should be updated to a supported version as soon as possible.
"This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action," Citrix added.
There is a document containing indicators of compromise, "mentioning a PHP webshell, a SetUID binary and an IP", that enterprise admins can use to check whether their Citrix systems have been compromised, but it has yet to be made publicly available.
News URL
https://www.helpnetsecurity.com/2023/07/19/cve-2023-3519/