Security News > 2023 > July > Netscaler ADC bug exploited to breach US critical infrastructure org
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.
Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.
NetScaler configuration files that contain an encrypted password whose key is on the ADC appliance.
An initial assessment from The Shadowserver Foundation, a non-profit organization for making the internet more secure, found that CVE-2023-3519 likely affected more than 11,000 NetScaler ADC and Gateway servers exposed online.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products: Unauthenticated remote code execution | 9.8 |