First published: 18 Jan 2024
Last updated: 18 Jan 2024

Content written for: Small & medium business; Large organisations & infrastructure; Government

This document has been written for the IT teams of organisations and government.

Background / What has happened?

ASD’s ACSC is aware of vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products. The following versions are affected:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
  • NetScaler ADC 13.1-FIPS before 13.1-37.176
  • NetScaler ADC 12.1-FIPS before 12.1-55.302
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302

CVE-2023-6548 can result in remote code execution by an authenticated threat actor with access to the management interface.

CVE-2023-6549 can result in a denial of service if the device is configured as a gateway or AAA virtual server.

Citrix reports both CVEs are under active exploitation.

Mitigation / How do I stay secure?

Australian organisations should review their networks for use of vulnerable instances of the Citrix NetScaler products, and consult NetScaler’s security advisory (NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549) for mitigation advice.
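To support the review above, the following added example (not part of the advisory or of NetScaler's own tooling) encodes the advisory's affected-version list and checks an inventory against it; it assumes version strings in the advisory's "branch-build" form and that the operator supplies the edition (standard, FIPS or NDcPP), since FIPS and NDcPP builds have their own fixed build numbers.

```python
import re
from typing import Optional

# Fixed builds from the advisory's affected-version list: anything on the same
# branch and edition below this build is vulnerable to CVE-2023-6548/6549.
FIXED_BUILDS = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "FIPS"): (37, 176),
    ("12.1", "FIPS"): (55, 302),
    ("12.1", "NDcPP"): (55, 302),
}

# Accepts the advisory's "13.1-49.15" form or "13.1 49.15"; an "NS" prefix is
# optional. Assumption: operators supply branch and build in this shape.
_VERSION_RE = re.compile(r"^(?:NS)?(\d+\.\d+)[- ](\d+)\.(\d+)")

def is_vulnerable(version: str, edition: str = "standard") -> Optional[bool]:
    """True if the version is below the advisory's fixed build for that branch
    and edition, False if at or above it, None if the branch/edition pair is
    not in the advisory's list (unlisted does not mean unaffected; check such
    branches against the vendor bulletin)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    branch, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get((branch, edition))
    if fixed is None:
        return None
    return build < fixed

def triage(inventory):
    """Split {'host', 'version', 'edition'} records into hosts that need an
    upgrade and hosts whose branch/edition the advisory list does not cover."""
    needs_patch, unlisted = [], []
    for rec in inventory:
        status = is_vulnerable(rec["version"], rec.get("edition", "standard"))
        if status is True:
            needs_patch.append(rec["host"])
        elif status is None:
            unlisted.append(rec["host"])
    return needs_patch, unlisted

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = [
    {"host": "gw-syd-01", "version": "13.1-49.15"},
    {"host": "gw-syd-02", "version": "13.1-51.15"},
    {"host": "adc-fips-01", "version": "13.1-37.150", "edition": "FIPS"},
    {"host": "adc-legacy", "version": "12.1-65.39"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts reported as unlisted still need a manual check against the vendor bulletin; the function only answers for the branch/edition pairs the advisory names.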

Assistance / Where can I go for help?

ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).
