CVE-2023-3519

Name of the Vulnerable Software and Affected Versions Citrix NetScaler ADC (affected versions not specified) Citrix NetScaler Gateway (affected versions not specified)

Description An issue in Citrix NetScaler ADC and NetScaler Gateway involves incorrect code generation management, leading to unauthenticated remote code execution. This allows a remote attacker to execute arbitrary code on the affected systems. Real-world exploitation has been observed, including the INC ransomware group targeting healthcare networks in Oceania using spear-phishing and credential dumping for lateral movement. Additionally, mass exploitation campaigns have resulted in the placement of PHP webshells on approximately 1,952 devices to maintain persistent access, even after systems were patched or rebooted. It is estimated that 6.3% of all active NetScaler instances were compromised during these campaigns, with over 5,500 instances remaining vulnerable at one point of analysis.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.