Citrix Netscaler Active Exploit
Date of Notice: 07/19/2023
Action Level - Critical
Citrix has released information about a critical vulnerability which is currently being exploited in the wild. If exploited, an attacker could execute code remotely on the device without authentication. There are currently updates for all supported versions of ADC and Gateway, and Citrix recommends updating any vulnerable assets as soon as possible
- NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
- NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-65.36 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-65.36 and later releases of 12.1-NDcPP
Note: ADC & Gateway versions 12.1 are end of life and vulnerable to this exploit
An attacker with network access to a device running Citrix Netscaler ADC or Gateway, with or without authentication.
This vulnerability is currently being exploited in the wild.
There are no mitigations to this vulnerability
Update to a current supported version of Citrix Netscaler.