Citrix is alerting users about two zero-day security flaws in NetScaler ADC (formerly known as Citrix ADC) and NetScaler Gateway (previously known as Citrix Gateway) that are being actively used by malicious actors. Below is a list of the flaws:
- CVE-2023-6548 (CVSS score: 5.5) - Authenticated, low-privileged remote code execution on the Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access).
- CVE-2023-6549 (CVSS score: 8.2) - Denial of service (requires that the appliance be configured as a gateway or as an authentication, authorization, and accounting (AAA) virtual server).
The flaws affect the following customer-managed versions of NetScaler ADC and NetScaler Gateway:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302, and
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
Citrix stated, "Exploits of these CVEs on unmitigated appliances have been observed," without providing any further information. It is advised that users of NetScaler ADC and NetScaler Gateway version 12.1 update to a supported version that addresses the vulnerabilities in their appliances.
To lower the possibility of exploitation, it is also recommended not to expose the administrative interface to the Internet. Threat actors have been using many security flaws in Citrix appliances in recent months to drop web shells and take over active authenticated sessions.
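As an added example (not code from Citrix's advisory or from this article), the following Python check compares an appliance's reported build against the fixed builds listed above and flags the end-of-life 12.1 branch separately. The `show version` banner layout ("NetScaler NS13.1: Build 51.15.nc, ...") is assumed from typical NetScaler output; the FIPS and NDcPP variants are passed as a separate argument because they have their own fixed builds.

```python
import re
from typing import Optional, Tuple

# Fixed builds per (branch, variant), taken from the advisory list above.
# Plain 12.1 is end-of-life and has no fixed build at all.
FIXED_BUILDS = {
    ("14.1", ""): (12, 35),
    ("13.1", ""): (51, 15),
    ("13.0", ""): (92, 21),
    ("13.1", "FIPS"): (37, 176),
    ("12.1", "FIPS"): (55, 302),
    ("12.1", "NDcPP"): (55, 302),
}
EOL_BRANCHES = {("12.1", "")}

# Accepts the advisory notation "13.1-51.15" and (assumed format) the banner
# printed by `show version` on the appliance, e.g. "NetScaler NS13.1: Build 51.15.nc".
_ADVISORY_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")
_BANNER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, build_major, build_minor) or None if unrecognised."""
    m = _ADVISORY_RE.match(text.strip()) or _BANNER_RE.search(text)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(text: str, variant: str = "") -> str:
    """Classify a build against the advisory's fixed builds.

    variant is "" for standard builds, "FIPS" or "NDcPP" for the hardened ones.
    Returns "fixed", "vulnerable", "end-of-life" or "unknown".
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    branch, major, minor = parsed
    key = (branch, variant)
    if key in EOL_BRANCHES:
        return "end-of-life"   # no fix exists; migrate to a supported branch
    if key not in FIXED_BUILDS:
        return "unknown"       # branch/variant not covered by the advisory
    # Compare build numbers numerically, not as strings: 51.9 is older than 51.15.
    return "fixed" if (major, minor) >= FIXED_BUILDS[key] else "vulnerable"
```

Note that a standard 13.1 appliance on build 37.176 is still vulnerable; only the 13.1-FIPS line is fixed at that build, which is why the variant must be supplied explicitly.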
VMware Fixes Critical Aria Automation Flaw
The disclosure comes after VMware notified customers of a serious security flaw in Aria Automation that could allow an authenticated attacker to gain unauthorized access to remote organizations and workflows.
The virtualization services provider, which is owned by Broadcom, has identified the problem as CVE-2023-34063 and describes it as a "missing access control" vulnerability.
The vulnerability was discovered and reported by the Scientific Computing Platforms team of the Commonwealth Scientific and Industrial Research Organisation (CSIRO). The following versions are affected:
- VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x)
- VMware Cloud Foundation (4.x and 5.x)
"The only supported upgrade path after applying the patch is to version 8.16," VMware said. "If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching."
Atlassian Discloses Critical Code Execution Bug
The news also comes after Atlassian patched more than 20 vulnerabilities, including a serious remote code execution (RCE) issue that affected Confluence Server and Data Center.
The vulnerability, tracked as CVE-2023-22527, carries the maximum CVSS score of 10.0. Versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3 are affected. Notably, the LTS release line 7.19.x is not affected.
"A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version," according to the Australian business.
The issue is addressed in versions 8.5.4 and 8.5.5 (Confluence Data Center and Server) and in 8.6.0, 8.7.1, and 8.7.2 (Data Center only). Users running outdated instances are advised to update to the latest available version.