Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are being actively exploited in the wild.
The flaws are listed below –
- CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on the Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access)
- CVE-2023-6549 (CVSS score: 8.2) – Denial-of-service (requires that the appliance be configured as a Gateway or an AAA (authentication, authorization, and accounting) virtual server)
The following customer-managed versions of NetScaler ADC and NetScaler Gateway are impacted by the shortcomings –
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302, and
- NetScaler ADC 12.1-NDcPP just before 12.1-55.302
“Exploits of these CVEs on unmitigated appliances have been observed,” Citrix said, without sharing any additional details. Customers of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version that patches the flaws.
It is also recommended not to expose the management interface to the internet, to reduce the risk of exploitation.
In recent months, multiple security vulnerabilities in Citrix appliances (CVE-2023-3519 and CVE-2023-4966) have been weaponized by threat actors to drop web shells and hijack existing authenticated sessions.
VMware Fixes Critical Aria Automation Flaw
The disclosure comes as VMware alerted customers of a critical security vulnerability in Aria Automation (previously vRealize Automation) that could allow an authenticated attacker to gain unauthorized access to remote organizations and workflows.
The issue has been assigned the CVE identifier CVE-2023-34063 (CVSS score: 9.9), with the Broadcom-owned virtualization services provider describing it as a “missing access control” flaw.
The Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Scientific Computing Platforms team has been credited with discovering and reporting the security vulnerability.
The versions impacted by the vulnerability are listed below –
- VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x)
- VMware Cloud Foundation (4.x and 5.x)
“The only supported upgrade path after applying the patch is to version 8.16,” VMware said. “If you upgrade to an intermediate version, the vulnerability will be reintroduced, requiring an additional round of patching.”
Atlassian Discloses Critical Code Execution Bug
The development also follows Atlassian’s release of patches for over two dozen vulnerabilities, including a critical remote code execution (RCE) flaw impacting Confluence Data Center and Confluence Server.
The vulnerability, CVE-2023-22527, has been assigned a CVSS score of 10.0, indicating maximum severity. It impacts versions 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, and 8.5.0-8.5.3. It’s worth noting that 7.19.x LTS versions are not affected by the vulnerability.
“A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version,” the Australian company said.
The issue has been addressed in versions 8.5.4, 8.5.5 (Confluence Data Center and Server), 8.6.0, 8.7.1, and 8.7.2 (Data Center only). Customers who are on out-of-date instances are recommended to update their installations to the latest version available.
Some parts of this article are sourced from:
thehackernews.com