
Over 15K Citrix servers likely vulnerable to CVE-2023-3519 attacks
2023-07-22 14:07

Thousands of Citrix Netscaler ADC and Gateway servers exposed online are likely vulnerable to a critical remote code execution bug exploited by unauthenticated attackers in the wild as a zero-day.

"We tag all IPs where we see a version hash in a Citrix instance. This is due to the fact that Citrix has removed version hash information in recent revisions," Shadowserver said.

They also noted that they are undercounting, since some revisions known to be vulnerable but lacking version hashes have not been tagged and added to the total number of exposed Citrix servers.

The CVE-2023-3519 RCE zero-day has likely been available online since the first week of July, when a threat actor began advertising a Citrix ADC zero-day flaw on a hacker forum.

CISA also ordered U.S. federal agencies on Wednesday to secure Citrix servers on their networks against ongoing attacks by August 9th, warning that the bug was already used to breach the systems of a U.S. critical infrastructure organization.

New critical Citrix ADC and Gateway flaw exploited as zero-day.


News URL

https://www.bleepingcomputer.com/news/security/over-15k-citrix-servers-likely-vulnerable-to-cve-2023-3519-attacks/

Related Vulnerability

DATE       | CVE           | VULNERABILITY TITLE                                                                                                              | RISK
2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products; Unauthenticated remote code execution (network, low complexity, citrix, CWE-94) | critical 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 118 20 177 80 65 342