
Citrix Warns of New Zero-Day Vulnerabilities on NetScaler Under Active Exploitation

Citrix has warned users of NetScaler ADC and Gateway appliances about two new zero-day vulnerabilities, CVE-2023-6548 and CVE-2023-6549. These vulnerabilities expose the system to remote code execution (RCE) and denial-of-service (DoS) attacks through the NetScaler management interface. To exploit them, however, an attacker must first have a low-privilege account on the system. Additionally, the system must have Gateway features (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server enabled.

Impacted devices include:

  • NetScaler ADC and NetScaler Gateway 14.1 versions prior to 14.1-12.35
  • NetScaler ADC and NetScaler Gateway 13.1 versions prior to 13.1-51.15
  • NetScaler ADC and NetScaler Gateway 13.0 versions prior to 13.0-92.21
  • NetScaler ADC 13.1-FIPS versions prior to 13.1-37.176
  • NetScaler ADC 12.1-FIPS versions prior to 12.1-55.302
  • NetScaler ADC 12.1-NDcPP versions prior to 12.1-55.302

Citrix strongly advises system administrators to apply patches immediately, as these vulnerabilities are being actively exploited. Shadowserver’s investigation found over 1,500 NetScaler management interfaces directly connected to the internet.
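
A check of appliance builds against the fixed versions in the list above, as an added example that is not from Citrix or the original article. The edition labels (`standard`, `fips`, `ndcpp`), the hostnames and the inventory are constructed, and the `NS13.1: Build 49.15.nc` banner form is an assumed input format.

```python
import re

# First fixed build per (branch, edition), copied from the list above.
# The edition labels are hypothetical names chosen for this example.
FIXED = {
    ("14.1", "standard"): (12, 35),
    ("13.1", "standard"): (51, 15),
    ("13.0", "standard"): (92, 21),
    ("13.1", "fips"): (37, 176),
    ("12.1", "fips"): (55, 302),
    ("12.1", "ndcpp"): (55, 302),
}

# Accepts "13.1-49.15" and the assumed banner form "NS13.1: Build 49.15.nc".
_VERSION_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, (build_major, build_minor)) or raise ValueError."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def classify(text, edition="standard"):
    """Return 'affected', 'fixed' or 'not-listed' for one appliance."""
    branch, build = parse_version(text)
    fixed = FIXED.get((branch, edition.lower()))
    if fixed is None:
        return "not-listed"  # branch/edition pair is not in the list above
    # Tuples compare numerically, so build 51.9 sorts before 51.15.
    return "affected" if build < fixed else "fixed"


if __name__ == "__main__":
    # Constructed inventory: (hostname, version string, edition).
    inventory = [
        ("adc-01", "NetScaler NS13.1: Build 49.15.nc", "standard"),
        ("adc-02", "14.1-12.35", "standard"),
        ("adc-03", "13.1-37.164", "fips"),
        ("adc-04", "12.1-65.21", "standard"),
    ]
    for host, version, edition in inventory:
        print(f"{host:8} {version:34} {edition:9} {classify(version, edition)}")
```

The edition has to be supplied separately because a 13.1-FIPS build number such as 13.1-37.176 is lower than the 13.1 fixed build and would otherwise be misreported.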

 

Ref : https://www.bleepingcomputer.com/news/security/citrix-warns-of-new-netscaler-zero-days-exploited-in-attacks/
