Threat Signal Report

Citrix NetScaler ADC and NetScaler Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2023-3519)

Description

What is Citrix NetScaler ADC and NetScaler Gateway?	Citrix NetScaler ADC, previously known as Citrix ADC, is an Application Delivery Controller (ADC) designed to achieve secure and optimized network traffic. Citrix NetScaler Gateway, previously known as Citrix Gateway, is an SSL-VPN solution designed to provide secure and optimized remote access.
What is the Attack?	According to the advisory published by Citrix, CVE-2023-3519 is an unauthenticated remote code execution vulnerability that affects the unmitigated Citrix NetScaler ADC and NetScaler Gateway products. To be vulnerable, those products must be configured as a gateway or as an authentication, authorization and auditing (AAA) virtual server. The advisory also states that Citrix managed servers are already mitigated and no action is required.
Why is this Significant?	This is significant because the Citrix advisory acknowledged that CVE-2023-3519 was exploited in the wild. Also, CISA added the vulnerability to the Known Exploited Vulnerabilities Catalog on July 19th, 2023. CISA released an advisory on July 20th stating that the vulnerability was exploited as a zero-day in June affecting an unnamed critical infrastructure organization.
What is the Vendor Solution?	Citrix released relevant updates on July 18th, 2023.
What FortiGuard Coverage is available?	FortiGuard Labs has an IPS signature "Citrix.NetScaler.ADC.Gateway.Remote.Code.Execution (default action is set to "pass") in place for CVE-2023-3519. FortiGuard Labs advises users to install the relevant updated version of NetScaler ADC and NetScaler as soon as possible.