Citrix solutions have critical vulnerabilities - update now!
January 2024 by Sylvain Cortes, VP Strategy and 17x Microsoft MVP, Hackuity
Two new critical CVE’s have been identified in Citrix’s NetScaler ADC and NetScaler Gateway solutions. These were disclosed on Tuesday and have led Citrix to urge its customers to update immediately. Sylvain Cortes, VP Strategy at Risk-Based Vulnerability Management specialists, Hackuity, comments:
"These two CVEs (Common Vulnerabilities and Exposures), CVE-2023-6548 and CVE-2023-6549 are still being analysed by NVD, but the CISA KEV repository already considers these two CVEs to be exploitable and extremely dangerous. What’s more, our Threat Bots indicate that these two vulnerabilities are currently being actively exploited by attacker groups, so it’s vital to patch or implement precautionary measures for them.
Unfortunately, these two CVEs are the next in a series of vulnerabilities which have affected NetScaler ADC and NetScaler Gateway over the course of 2023 - last year, production teams already had to urgently patch 5 other critical vulnerabilities affecting these two products."