Detections
Analytics

Citrix ADC and Citrix Gateway Multiple Vulnerabilities (CTX561482)

critical Nessus Plugin ID 178442

Language:

Synopsis

The remote device may be affected by multiple vulnerabilities.

Description

The remote Citrix ADC or Citrix Gateway device is version 12.1, 13.0 before 13.0-91.13 or 13.1 before 13.1-49.13 or 13.1-FIPS before 13.1-37.159. It is therefore affected by multiple vulnerabilities:

 - An unauthenticated remote code execution affecting appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. (CVE-2023-3519)

 - A reflected cross-site scripting vulnerability that requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP (CVE-2023-3466)

 - A Privilege Escalation to root administrator (nsroot) given authenticated access to NSIP or SNIP with management interface access (CVE-2023-3467)

Please refer to advisory CTX561482 for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 12.1-55.297-FIPS, 13.1-37.159-FIPS, 13.0-91.13, 13.1-49.13 or later.

See Also

http://www.nessus.org/u?b1405a57

Plugin Details

Severity: Critical

ID: 178442

File Name: citrix_adc_gateway_CTX561482.nasl

Version: 1.9

Type: combined

Family: CGI abuses

Published: 7/18/2023

Updated: 2/12/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-3519

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:citrix:netscaler_gateway, cpe:/h:citrix:netscaler_application_delivery_controller

Required KB Items: Host/NetScaler/Detected

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/18/2023

Vulnerability Publication Date: 7/18/2023

CISA Known Exploited Vulnerability Due Dates: 8/9/2023

Exploitable With

Core Impact

Metasploit (Citrix ADC (NetScaler) Forms SSO Target RCE)

Reference Information

CVE: CVE-2023-3466, CVE-2023-3467, CVE-2023-3519

IAVA: 2023-A-0356-S, 2023-A-0592