CVE-2023-3519

Vulnerability updated 15 days ago (2024-11-29T13:49:30.171Z)
Download STIX
Preview STIX
CVE-2023-3519 is a critical remote code execution vulnerability that has affected Citrix's NetScaler ADC and NetScaler Gateway products. The vulnerability, which was given a severity rating of 9.8 out of 10 on the CVSS vulnerability scale, allows an attacker to exploit a flaw in software design or implementation to gain control over an affected system. In July, Citrix released a patch to mitigate this vulnerability, highlighting the severity and potential impact of the issue. Despite the release of the patch, threat actors have managed to weaponize CVE-2023-3519, along with other vulnerabilities, to drop web shells and hijack existing authenticated sessions. These attacks primarily targeted internet-facing Citrix Netscaler devices. The exploitation of these vulnerabilities, including CVE-2023-3519, demonstrates a range of techniques used by attackers to achieve initial access to victims' networks, such as spear-phishing emails and exploiting critical vulnerabilities in devices. The security community has recently warned that hackers are actively targeting Citrix servers by exploiting CVE-2023-3519. This highlights the continued risk posed by this vulnerability, even after the release of patches. It underscores the importance of timely patch application and continuous monitoring for any signs of attempted or successful exploitation. As part of their response, Citrix has released further security updates addressing not only CVE-2023-3519 but also other identified vulnerabilities (CVE-2023-3466, and CVE-2023-3467) in their NetScaler ADC and NetScaler Gateway products.
Description last updated: 2024-08-14T08:45:02.883Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
citrix
netscaler
Vulnerability
CISA
Netscalers
Exploit
Sophos
RCE (Remote ...
Remote Code ...
Mandiant
Zero Day
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The FIN8 Threat Actor is associated with CVE-2023-3519. FIN8, also known as Syssphinx, is a financially motivated cybercrime group that has been active since at least January 2016. This threat actor is notorious for targeting organizations across various sectors including hospitality, retail, entertainment, insurance, technology, chemicals, and finance. Unspecified
4
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The vulnerability CVE-2023-3466 is associated with CVE-2023-3519. Unspecified
2
Source Document References
Information about the CVE-2023-3519 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Trend Micro
23 days ago
CISA
a month ago
DARKReading
3 months ago
CISA
3 months ago
CISA
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
CERT-EU
a year ago
CISA
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago