Citrix releases security updates to address vulnerabilities (CVE-2023-6548 and CVE-2023-6549). The two vulnerabilities have been discovered in NetScaler ADC ( formerly Citrix ADC ) and NetScaler Gateway ( formerly Citrix Gateway ).

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

• NetScaler ADC and NetScaler Gateway 14.1before 14.1-12.35
• NetScaler ADC and NetScaler Gateway 13.1before 13.1-15.15
• NetScaler ADC and NetScaler Gateway 13.0before 13.0-92.21
• NetScaler ADC 13.1-FIPS before 13.1-37.176
• NetScaler ADC 12.1-FIPS before 12.1-55.302
• NetScaler ADC 12.1-NDcPP before 12.1-55.302

Note: NetScaler ADC and NetScaler Gateway version12.1 is now End OF Life (EOL) and is vulnerable.

An attacker could exploit this vulnerability and take control of the affected system.

Administrators are recommended to apply necessary updates of install relevant updated versions without delay.

• NetScaler ADC and NetScaler Gateway 14.1-12.35 and later releases
• NetScaler ADC and NetScaler Gateway 13.1-51.15 and later releases of 13.1
• NetScaler ADC and NetScaler Gateway 13.0-92.21 and later releases of 13.0
• NetScaler ADC 13.1-37.176 and later releases of 13.1-FIPS
• NetScaler ADC 12.1-55.302 and later releases of 12.1-FIPS
• NetScaler ADC 12.1-55.302 and later releases of 12,1-NDcPP

For CVE-2023-6548 which only impacts the management interface, therefore it is strongly recommended that network traffic to the application’s management interface be separated, either physically or logically from the normal network traffic. In addition, do not expose management interface to the internet.

For more technical support: https://www.citrix.com/support/open-a-support-case.