CVE-2023-3519

CVE-2023-3519 is a critical remote code execution vulnerability that has affected Citrix's NetScaler ADC and NetScaler Gateway products. The vulnerability, which was given a severity rating of 9.8 out of 10 on the CVSS vulnerability scale, allows an attacker to exploit a flaw in software design or implementation to gain control over an affected system. In July, Citrix released a patch to mitigate this vulnerability, highlighting the severity and potential impact of the issue. Despite the release of the patch, threat actors have managed to weaponize CVE-2023-3519, along with other vulnerabilities, to drop web shells and hijack existing authenticated sessions. These attacks primarily targeted internet-facing Citrix Netscaler devices. The exploitation of these vulnerabilities, including CVE-2023-3519, demonstrates a range of techniques used by attackers to achieve initial access to victims' networks, such as spear-phishing emails and exploiting critical vulnerabilities in devices. The security community has recently warned that hackers are actively targeting Citrix servers by exploiting CVE-2023-3519. This highlights the continued risk posed by this vulnerability, even after the release of patches. It underscores the importance of timely patch application and continuous monitoring for any signs of attempted or successful exploitation. As part of their response, Citrix has released further security updates addressing not only CVE-2023-3519 but also other identified vulnerabilities (CVE-2023-3466, and CVE-2023-3467) in their NetScaler ADC and NetScaler Gateway products.