CVE-2023-3519: Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
First published: Wed Jul 19 2023(Updated: )
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
Credit: secure@citrix.com secure@citrix.com secure@citrix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix NetScaler Application Delivery Controller | >=12.1<12.1-55.297 | |
| Citrix NetScaler Application Delivery Controller | >=12.1<12.1-55.297 | |
| Citrix NetScaler Application Delivery Controller | >=13.1<13.1-37.159 | |
| Citrix NetScaler Application Delivery Controller | >=13.1<13.1-49.13 | |
| Citrix NetScaler Application Delivery Controller | >=13.0<13.0-91.13 | |
| Citrix NetScaler Gateway | >=13.0<13.0-91.13 | |
| Citrix NetScaler Gateway | >=13.1<13.1-49.13 | |
| Citrix NetScaler Application Delivery Controller | =11.1-65.22 | |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
- http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html
- https://www.theregister.com/2024/01/03/xerox_inks_confirmation_of_security/
- https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/
- https://www.theregister.com/2024/08/28/iran_pioneer_kitten/
- https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467;
- https://nvd.nist.gov/vuln/detail/CVE-2023-3519
- https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-most-exploited-vulnerabilities-of-2023/
- https://www.bleepingcomputer.com/news/security/expressvpn-bug-has-been-leaking-some-dns-requests-for-years/
Frequently Asked Questions
What is CVE-2023-3519?
CVE-2023-3519 is a code injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway that allows for unauthenticated remote code execution.
Who is affected by CVE-2023-3519?
Citrix NetScaler ADC and NetScaler Gateway users are affected by CVE-2023-3519.
How severe is CVE-2023-3519?
CVE-2023-3519 has a severity rating of critical.
How can I fix CVE-2023-3519?
To fix CVE-2023-3519, it is recommended to apply the security patches provided by Citrix.
Where can I find more information about CVE-2023-3519?
More information about CVE-2023-3519 can be found on the Citrix support website and Packet Storm Security.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/severity
- agent/remedy
- agent/title
- collector/the-register
- source/The Register
- alias/CVE-2023-3519
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-24919
- alias/CVE-2024-3400
- alias/CVE-2019-19781
- alias/CVE-2022-1388
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- collector/nvd-cve
- agent/author
- agent/references
- agent/event
- agent/tags
- vendor/citrix
- canonical/citrix netscaler application delivery controller
- version/citrix netscaler application delivery controller/12.1
- version/citrix netscaler application delivery controller/13.1
- version/citrix netscaler application delivery controller/13.0
- canonical/citrix netscaler gateway
- version/citrix netscaler gateway/13.0
- version/citrix netscaler gateway/13.1
- version/citrix netscaler application delivery controller/11.1-65.22
- canonical/citrix netscaler adc and netscaler gateway