Security News > 2023 > August > Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation.
The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution.
The exploitation of CVE-2023-3519 to deploy web shells was previously disclosed by the U.S. Cybersecurity and Infrastructure Security Agency, which said the attack was directed against an unnamed critical infrastructure organization in June 2023.
The disclosure comes as GreyNoise said it detected three IP addresses attempting to exploit CVE-2023-24489, another critical flaw in Citrix ShareFile software that allows for unauthenticated arbitrary file upload and remote code execution.
Attack surface management firm Assetnote, which discovered and reported the bug, traced it to a simpler version of a padding oracle attack.
"Look at how it behaves when invalid versus valid padding is provided. Does it result in an error? Are the errors different? Does it take longer or shorter to process? All of these can lead to a potential padding oracle attack."
News URL
https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html
Related news
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Citrix shares mitigations for ongoing Netscaler password spray attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products Unauthenticated remote code execution | 9.8 |
| 2023-07-10 | CVE-2023-24489 | Unspecified vulnerability in Citrix Sharefile Storage Zones Controller A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | 9.8 |