Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild.
The flaws are listed below –
- CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on the Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access)
- CVE-2023-6549 (CVSS score: 8.2) – Denial-of-service (requires that the appliance be configured as a Gateway or an authentication, authorization, and accounting (AAA) virtual server)
The following customer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the flaws –
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302, and
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
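To turn the affected-version list above into something a defender can run against an inventory, here is an added example (not Citrix's code or the article's) that compares an installed NetScaler build against the fixed builds listed; it assumes version strings in the advisory's "release-build" form (e.g. `13.1-51.15`) and uses a constructed sample inventory.

```python
import re

# Fixed builds per release line and edition, from the Citrix list above;
# None means every build of that line is affected (12.1 is end-of-life).
FIXED_BUILDS = {
    ("14.1", "standard"): "14.1-12.35",
    ("13.1", "standard"): "13.1-51.15",
    ("13.0", "standard"): "13.0-92.21",
    ("12.1", "standard"): None,
    ("13.1", "FIPS"): "13.1-37.176",
    ("12.1", "FIPS"): "12.1-55.302",
    ("12.1", "NDcPP"): "12.1-55.302",
}
# Assumed input form "<major>.<minor>-<build>.<patch>", as written in the advisory.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\.(\d+)\s*$")

def parse_version(text):
    """Split '13.1-51.15' into ((13, 1), (51, 15)) so builds compare numerically."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {text!r}")
    major, minor, build, patch = (int(x) for x in m.groups())
    return (major, minor), (build, patch)

def is_affected(version, edition="standard"):
    """True if the build predates the fix, False if fixed, None if line/edition not covered."""
    release, build = parse_version(version)
    key = (f"{release[0]}.{release[1]}", edition)
    if key not in FIXED_BUILDS:
        return None
    fixed = FIXED_BUILDS[key]
    if fixed is None:
        return True  # whole release line listed as affected (EOL)
    return build < parse_version(fixed)[1]

def affected_hosts(inventory):
    """Hostnames from [(host, version, edition), ...] that still need patching."""
    return [h for h, v, e in inventory if is_affected(v, e)]

# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY = [
    ("ns-dc1", "13.1-49.13", "standard"),   # before 13.1-51.15 -> affected
    ("ns-dc2", "13.1-51.15", "standard"),   # at the fixed build -> not affected
    ("ns-fips", "13.1-37.170", "FIPS"),     # FIPS line is fixed at 37.176 -> affected
    ("ns-old", "12.1-65.25", "standard"),   # 12.1 is EOL -> affected
    ("ns-lab", "11.1-65.20", "standard"),   # not covered by this advisory -> None
]
if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))  # ['ns-dc1', 'ns-fips', 'ns-old']
```

Note that the edition matters: the same 13.1 build number is fixed on the standard line but still affected on the FIPS line, so feed the edition from your inventory rather than guessing it.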
“Exploits of these CVEs on unmitigated appliances have been observed,” Citrix said, without sharing any additional specifics. Customers of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version that patches the flaws.
It is also advised not to expose the management interface to the internet in order to reduce the risk of exploitation.
In recent months, several security vulnerabilities in Citrix appliances (CVE-2023-3519 and CVE-2023-4966) have been weaponized by threat actors to drop web shells and hijack existing authenticated sessions.
VMware Fixes Critical Aria Automation Flaw
The disclosure comes as VMware alerted customers of a critical security vulnerability in Aria Automation (formerly vRealize Automation) that could allow an authenticated attacker to gain unauthorized access to remote organizations and workflows.
The issue has been assigned the CVE identifier CVE-2023-34063 (CVSS score: 9.9), with the Broadcom-owned virtualization services provider describing it as a “missing access control” flaw.
Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Scientific Computing Platforms team has been credited with discovering and reporting the security vulnerability.
The versions impacted by the vulnerability are provided below –
“The only supported upgrade path after applying the patch is to version 8.16,” VMware said. “If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching.”
Atlassian Discloses Critical Code Execution Bug
The development also follows Atlassian’s release of patches for over two dozen vulnerabilities, including a critical remote code execution (RCE) flaw impacting Confluence Data Center and Confluence Server.
The vulnerability, CVE-2023-22527, has been assigned a CVSS score of 10.0, indicating maximum severity. It impacts versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3. It is worth noting that 7.19.x LTS versions are not affected by the vulnerability.
“A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version,” the Australian company said.
The issue has been addressed in versions 8.5.4, 8.5.5 (Confluence Data Center and Server), 8.6.0, 8.7.1, and 8.7.2 (Data Center only). Users who are on out-of-date instances are recommended to update their installations to the latest version available.