Advisory 34

Impact: High

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.


On 19 July 2023, CERT Vanuatu received an advisory from its collaborating partner, the Cybersecurity and Infrastructure Security Agency (CISA), on multiple vulnerabilities discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

What is it?

Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway. These vulnerabilities can be exploited by attackers against supported versions of Citrix NetScaler ADC and Citrix NetScaler Gateway.

Supported versions affected by the vulnerabilities

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13.
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13.
  • NetScaler ADC 13.1-FIPS before 13.1-37.159.
  • NetScaler ADC 12.1-FIPS before 12.1-55.297.
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297.

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End of Life (EOL) and is vulnerable.
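The affected-version list above is easiest to apply if the build number is compared mechanically rather than by eye. The following is an added example (not part of this advisory and not vendor code) that parses a NetScaler version string, either in the `13.0-90.12` form used in the list or as it appears in `show ns version` output, and decides whether it falls in an affected range. The thresholds are those stated above; the 13.1 line is modelled as "before 13.1-49.13", matching the pattern of the other entries (the vendor bulletin lists 13.1-49.13 as the first fixed 13.1 build), all 12.1 non-FIPS/NDcPP builds are treated as affected because that release is EOL, and the FIPS/NDcPP variant is passed in separately because it is not recoverable from the version string alone. The sample `show ns version` line is constructed.

```python
import re
from typing import Optional, Tuple

# Constructed sample of the NetScaler CLI `show ns version` output; the
# "NS<release>: Build <build>" layout is assumed for parsing purposes.
SAMPLE_OUTPUT = "NetScaler NS13.0: Build 90.12.nc, Date: Jun 3 2023, 08:38:15   (64-bit)"

# First fixed build per release line, taken from the advisory's version list.
# A build earlier than the threshold is affected; at or after it is not.
FIXED_BUILDS = {
    "13.1": (49, 13),        # modelled as "before 13.1-49.13" (assumption, see lead-in)
    "13.0": (91, 13),
    "13.1-FIPS": (37, 159),
    "12.1-FIPS": (55, 297),
    "12.1-NDcPP": (55, 297),
}

# Release lines that are end of life: every build is treated as affected.
EOL_LINES = {"12.1"}

# Matches "NS13.0: Build 90.12" (CLI output) and "13.0-90.12" (advisory form).
VERSION_RE = re.compile(r"(\d+\.\d+)[-:]\s*(?:Build\s+)?(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Extract (release, (build_major, build_minor)) from a version string."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def is_affected(release: str, build: Tuple[int, int], variant: Optional[str] = None) -> Optional[bool]:
    """True if affected, False if at/after the fixed build, None if the
    release line is not listed in the advisory (verify manually)."""
    line = f"{release}-{variant}" if variant else release
    if line in EOL_LINES:
        return True
    if line not in FIXED_BUILDS:
        return None
    return build < FIXED_BUILDS[line]


def assess(version_text: str, variant: Optional[str] = None) -> dict:
    """Parse a version string and report whether it is in an affected range."""
    parsed = parse_version(version_text)
    if parsed is None:
        raise ValueError("no NetScaler version string found in input")
    release, build = parsed
    return {
        "release": release,
        "build": f"{build[0]}.{build[1]}",
        "variant": variant,
        "affected": is_affected(release, build, variant),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_OUTPUT))
```

Run it against the real `show ns version` output of each appliance; a result of `None` means the release line is not covered by this advisory and should be checked against the vendor bulletin directly rather than assumed safe.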

Technical details of each CVE

CVE-2023-3466:

Affected Products: Citrix ADC, Citrix Gateway
Description: Reflected Cross-Site Scripting (XSS)
Prerequisites: Requires the victim to open an attacker-controlled link in a browser while on a network with connectivity to the NSIP
Common Weakness Enumeration (CWE): Improper Input Validation (CWE-20)
Common Vulnerability Scoring System (CVSS): 8.3

CVE-2023-3467:

Affected Products: Citrix ADC, Citrix Gateway
Description: Privilege Escalation to root administrator (nsroot)
Prerequisites: Authenticated access to the NSIP or SNIP with management interface access
CWE: Improper Privilege Management (CWE-269)
CVSS: 8.0

CVE-2023-3519:

Affected Products: Citrix ADC, Citrix Gateway
Description: Unauthenticated remote code execution
Prerequisites: Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR as an AAA virtual server
CWE: Improper Control of Generation of Code (“Code Injection”) (CWE-94)
CVSS: 9.8
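The precondition for CVE-2023-3519 is a configuration state, so an operator can check for it in the running configuration before the version is even confirmed. The following is an added example (not part of this advisory and not vendor code) that scans an `ns.conf` excerpt for gateway virtual servers (`add vpn vserver`, which covers the VPN, ICA Proxy, CVPN and RDP Proxy modes) and AAA virtual servers (`add authentication vserver`). The command keywords are the standard NetScaler CLI forms; the names, addresses and the excerpt itself are constructed.

```python
import re
from typing import Dict, List

# Constructed ns.conf excerpt: one load-balancing vserver (not relevant to the
# precondition), one Gateway vserver and one AAA vserver.
SAMPLE_NS_CONF = """\
add lb vserver web_lb HTTP 10.0.0.10 80 -persistenceType NONE
add vpn vserver corp_gateway SSL 203.0.113.5 443
add authentication vserver aaa_portal SSL 203.0.113.6 443
set vpn parameter -defaultAuthorizationAction ALLOW
"""

# "add vpn vserver <name> <protocol> <ip> <port>" and the AAA equivalent.
VSERVER_PATTERNS = {
    "gateway": re.compile(r"^add vpn vserver\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)", re.M),
    "aaa": re.compile(r"^add authentication vserver\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)", re.M),
}


def exposed_vservers(ns_conf: str) -> List[Dict[str, object]]:
    """Return every Gateway or AAA virtual server defined in the configuration."""
    found = []
    for kind, pattern in VSERVER_PATTERNS.items():
        for m in pattern.finditer(ns_conf):
            found.append({
                "kind": kind,
                "name": m.group(1),
                "protocol": m.group(2),
                "ip": m.group(3),
                "port": int(m.group(4)),
            })
    return found


def meets_rce_precondition(ns_conf: str) -> bool:
    """True when at least one Gateway or AAA vserver exists, i.e. the
    configuration state the advisory lists for CVE-2023-3519 is present."""
    return bool(exposed_vservers(ns_conf))


if __name__ == "__main__":
    for vs in exposed_vservers(SAMPLE_NS_CONF):
        print(f"{vs['kind']:8} {vs['name']:15} {vs['protocol']} {vs['ip']}:{vs['port']}")
    print("precondition present:", meets_rce_precondition(SAMPLE_NS_CONF))
```

Feed it the appliance's saved configuration (`/nsconfig/ns.conf` on the appliance); any match means the appliance should be treated as in scope for the unauthenticated RCE and patched with priority, regardless of whether the vserver is currently reachable from the internet.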
