Security News > 2023 > July > Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)
Citrix has patched three vulnerabilities in NetScaler ADC and NetScaler Gateway, one of which is a zero-day being exploited by attackers.
In early 2022, the company reported the exploitation of a RCE vulnerability in its Citrix ADC deployments by a Chinese state-sponsored group.
Earlier this year, ransomware threat actors also exploited an auth bypass flaw on Citrix ADC and Gateway.
NetScaler ADC and NetScaler Gateway version 12.1 have reached end-of-life, meaning they are now vulnerable and should be updated to a supported version as soon as possible.
"This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action," Citrix added.
There is a document containing indicators of compromise and "Mentioning a PHP webshell, a SetUID binary and an IP" that enterprise admins can use to check whether their Citrix systems have been compromised, but it has yet to be made publicly available.