CVE-2023-3519 is a critical remote code execution (RCE) vulnerability in Citrix NetScaler ADC and NetScaler Gateway. It allows an unauthenticated attacker to execute arbitrary code on a vulnerable device simply by sending a specially crafted HTTP GET request.
The vulnerability was first disclosed in June 2023, and Citrix released a patch for it in July 2023. However, in September 2023, the Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors were actively exploiting CVE-2023-3519 in the wild.
Vulnerable versions
The following versions of Citrix NetScaler ADC and NetScaler Gateway are vulnerable to CVE-2023-3519:
- Citrix NetScaler ADC 13.0-77.31 and earlier
- Citrix NetScaler Gateway 13.0-77.31 and earlier
How to fix it
The best way to protect yourself from CVE-2023-3519 is to upgrade to the latest version of Citrix NetScaler ADC or NetScaler Gateway as soon as possible. If you are unable to upgrade immediately, Citrix has provided a workaround that can be implemented to mitigate the risk of exploitation.
To implement the workaround, you will need to create a new firewall rule to block all HTTP GET requests to the following path:
/vpn/portal/login
Once you have created the firewall rule, you will need to restart the Citrix NetScaler ADC or NetScaler Gateway service.
Additional recommendations
In addition to upgrading or implementing the workaround, there are a few other things you can do to protect yourself from CVE-2023-3519:
- Enable two-factor authentication (2FA) for all users of Citrix NetScaler ADC and NetScaler Gateway.
- Implement a web application firewall (WAF) to protect your Citrix NetScaler ADC and NetScaler Gateway devices from common attack vectors.
- Monitor your Citrix NetScaler ADC and NetScaler Gateway devices for suspicious activity.
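The workaround above describes blocking HTTP GET requests to /vpn/portal/login, and the last recommendation asks for monitoring of suspicious activity. The following is an added example, not code from the page or from Citrix, that ties the two together: it parses access-log lines in Common Log Format (the sample lines, source addresses, timestamps and user agents are constructed for the example and assume a CLF-style log, which is an assumption about your logging setup), applies the same match rule the workaround describes (method GET, path equal to the blocked path after stripping the query string), counts matching requests per source address, and flags the ones a defender would want to review first: requests to that path that produced a server error or came from a non-browser client.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Common Log Format) for this example;
# the addresses, timestamps and user agents are made up, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Jul/2023:10:01:02 +0000] "GET /vpn/portal/login HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Jul/2023:10:01:03 +0000] "GET /vpn/portal/login?lang=en HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [19/Jul/2023:10:02:10 +0000] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Jul/2023:10:02:11 +0000] "POST /vpn/portal/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [19/Jul/2023:10:03:00 +0000] "GET /vpn/portal/login HTTP/1.1" 403 0 "-" "curl/8.1.2"
"""

# The path named in the page's workaround.
BLOCKED_PATH = "/vpn/portal/login"

# Common Log Format with the optional referer / user-agent fields of the combined format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not CLF-shaped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Normalise the request target to a bare path so "/x?y=1" still matches "/x".
    entry["path"] = entry["target"].split("?", 1)[0]
    entry["status"] = int(entry["status"])
    return entry


def should_block(entry, path=BLOCKED_PATH):
    """The workaround's match rule: an HTTP GET whose path is the blocked path."""
    return entry["method"] == "GET" and entry["path"] == path


def analyze(log_text, path=BLOCKED_PATH):
    """Count blocked-rule matches per source and collect the ones worth reviewing."""
    hits_by_src = Counter()
    suspicious = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed or non-CLF lines rather than crashing
        if not should_block(entry, path):
            continue
        hits_by_src[entry["src"]] += 1
        # A server error on that path, or a non-browser client, merits a closer look.
        ua = entry["ua"] or ""
        if entry["status"] >= 500 or not ua.startswith("Mozilla"):
            suspicious.append(entry)
    return {"hits_by_src": dict(hits_by_src), "suspicious": suspicious}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for src, n in sorted(result["hits_by_src"].items(), key=lambda kv: -kv[1]):
        print(f"{src}: {n} GET request(s) to {BLOCKED_PATH}")
    for e in result["suspicious"]:
        print(f"review: {e['src']} {e['method']} {e['target']} -> {e['status']} ua={e['ua']}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the POST on the fourth sample line is deliberately left unmatched so you can confirm the rule is as narrow as the workaround states (GET only), and widen `should_block` if your own policy blocks other methods too.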