Threat Intelligence
CVE-2024-0204: Authentication Bypass Vulnerability in Fortra GoAnywhere MFT
January 25, 2024
by George Glass
Fri, Jan 19, 2024
Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway
Note: These vulnerabilities remain under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.
Two vulnerabilities have been detected in in Citrix NetScaler ADC and NetScaler Gateway. These vulnerabilities are being tracked as CVE-2023-6549 and CVE-2023-6548 with CVSS scores of 8.2 and 5.5 respectively. They are under active exploitation, affecting the following product versions:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
Citrix published security updates for these vulnerabilities and those fixes should be applied immediately.
Citrix did not provide additional details about the attacks in the wild, so it is unknown when the attacks started.
According to Citrix, customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action. It is not clear if the vulnerabilities previously affected the cloud platforms but have since been mitigated.
CVE-2023-6549
CVE-2023-6549 is a zero-day vulnerability with a high potential for exploitation. If exploited, this vulnerability could allow an attacker to perform a denial of service on an appliance configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
CVE-2023-6548
CVE-2023-6548 is a zero-day vulnerability that allows an authenticated attacker with low privileges access to NSIP, CLIP or SNIP Management Interface to perform remote code execution on the Management Interface.
CVE- 2023- 6548 only impacts the Management Interface. Citrix strongly recommends that network traffic to the appliance’s management interface is separated, either physically or logically, from normal network traffic. Do not expose the Management Interface to the internet. See NetScaler secure deployment guide for more information.
Our Cyber Threat Intelligence (CTI) team recommends the following:
Install the relevant updated versions as soon as possible:
- NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.176 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.302 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.302 and later releases of 12.1-NDcPP
Note: NetScaler ADC and NetScaler Gateway version 12.1 are now end of life (EOL). Customers are recommended to upgrade their appliances to one of the above supported versions that addresses the vulnerabilities.
Cyber Risk
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Cyber Threat Intelligence
Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Incident Response and Litigation Support
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle.
Managed Security Services
World-renowned cyber investigators and leading technology fuel Kroll’s managed security services, augmenting security operations centres and incident response capabilities.
Explore Insights
Threat Intelligence
Threat Intelligence
Two Critical Vulnerabilities Impacting GitLab Community Edition and Enterprise Edition
January 17, 2024
by George Glass, Ryan Hicks
Threat Intelligence
Two Zero-Day Vulnerabilities Impacting Ivanti Connect Secure and Policy Secure Gateways
January 15, 2024
by George Glass, Ryan Hicks, Mikesh Nagar
Threat Intelligence
CVE-2023-39336: Remote Code Execution Vulnerability Found in Ivanti EPM
January 9, 2024
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.