About 2000 Citrix NetScalers Were Compromised in Massive Attack Campaigns
2023-08-18 19:26

About 2,000 Citrix NetScalers were compromised in massive automated attack campaigns.

Threat actors have been exploiting a NetScaler appliance vulnerability to get persistent access to the compromised systems.

Citrix published a security bulletin on July 18, 2023 about three vulnerabilities in NetScaler ADC and NetScaler Gateway: CVE-2023-3519, CVE-2023-3466 and CVE-2023-3467.

Fox-IT reported that approximately 69% of the NetScalers that currently contain a web shell backdoor are no longer vulnerable to CVE-2023-3519. This means that, while most administrators have deployed the fixes, they have not carefully checked the systems for signs of successful exploitation, and those systems are still compromised.

Most compromised NetScalers are located in Europe.

Fox-IT researchers stated that "There are stark differences between countries in terms of what percentage of their NetScalers were compromised. For example, while Canada, Russia and the United States of America all had thousands of vulnerable NetScalers on July 21, virtually none of these NetScalers were found to have a webshell on them. As of now, we have no clear explanation for these differences, nor do we have a confident hypothesis to explain which NetScalers were targeted by the adversary and which ones were not."


News URL

https://www.techrepublic.com/article/citrix-netscalers-compromised/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-3467 | Unspecified vulnerability in Citrix products. Privilege Escalation to root administrator (nsroot). Low complexity; citrix. | 8.0 |
| 2023-07-19 | CVE-2023-3466 | Cross-site Scripting vulnerability in Citrix products. Reflected Cross-Site Scripting (XSS). Network; low complexity; citrix; CWE-79. | 6.1 |
| 2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products. Unauthenticated remote code execution. Network; low complexity; citrix; CWE-94. | critical 9.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 117 20 175 76 63 334