Security News > 2023 > August > About 2000 Citrix NetScalers Were Compromised in Massive Attack Campaigns

About 2000 Citrix NetScalers Were Compromised in Massive Attack Campaigns
2023-08-18 19:26

About 2,000 Citrix NetScalers were compromised in automated massive attack campaigns.

Threat actors have been exploiting a NetScaler appliance vulnerability to get persistent access to the compromised systems.

Citrix published a security bulletin on July 18, 2023 about three vulnerabilities in NetScaler ADC and NetScaler Gateway: CVE-2023-3519, CVE-2023-3466 and CVE-2023-3467.

Figure B. Fox-IT reported that approximately 69% of the NetScalers that currently contain a web shell backdoor are not vulnerable anymore to CVE-2023-3519; this means that, while most administrators have deployed the fixes, they have not carefully checked the systems for signs of successful exploitation and are still compromised.

Figure C. Most compromised NetScalers are located in Europe.

Fox-IT researchers stated that "There are stark differences between countries in terms of what percentage of their NetScalers were compromised. For example, while Canada, Russia and the United States of America all had thousands of vulnerable NetScalers on July 21, virtually none of these NetScalers were found to have a webshell on them. As of now, we have no clear explanation for these differences, nor do we have a confident hypothesis to explain which NetScalers were targeted by the adversary and which ones were not."


News URL

https://www.techrepublic.com/article/citrix-netscalers-compromised/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-3467 Unspecified vulnerability in Citrix products
Privilege Escalation to root administrator (nsroot)
low complexity
citrix
8.0
2023-07-19 CVE-2023-3466 Cross-site Scripting vulnerability in Citrix products
Reflected Cross-Site Scripting (XSS)
network
low complexity
citrix CWE-79
6.1
2023-07-19 CVE-2023-3519 Code Injection vulnerability in Citrix products
Unauthenticated remote code execution
network
low complexity
citrix CWE-94
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 118 20 177 80 65 342