Security News > 2024 > January > Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!
2024-01-17 04:14
Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild. The flaws are listed below - CVE-2023-6548 (CVSS score: 5.5) - Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management
News URL
https://thehackernews.com/2024/01/citrix-vmware-and-atlassian-hit-with.html
Related news
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-17 | CVE-2023-6548 | Code Injection vulnerability in Citrix products Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | 8.8 |