HACKERS MAY HACK INTO KAZAKHSTANI COMPANIES USING CITRIX PRODUCTS
JSC “State Technical Service” (hereinafter – JSC “STS”) reports that 27 IP addresses using Citrix NetScaler ADC and NetScaler Gateway products have been found to be potentially exposed to a high-criticality vulnerability tracked as CVE-2023-3519.
According to CVSSv3.1 (Common Vulnerability Scoring System), the vulnerability has a rating of 9.8 out of 10. It allows an attacker to execute arbitrary code without authorization. The vulnerability is triggered when a SAML message containing too many canonicalization or transformation methods is sent.
SAML is a protocol used to exchange credentials and access rights information between an identity provider and a service provider.
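The following is an added example, not part of the original notice and not Citrix code: a log-review check that decodes a captured base64 SAML message (HTTP POST binding assumed) and counts its XML-DSig `CanonicalizationMethod` and `Transform` elements, flagging messages that carry unusually many. The threshold `MAX_METHODS`, the function names and the constructed sample builder are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Assumed review threshold, not a vendor value: a normally signed SAML message
# carries one CanonicalizationMethod and about two Transforms per signature.
MAX_METHODS = 8

def count_methods(saml_b64):
    """Return (canonicalization_count, transform_count) for a base64 SAML message."""
    xml_bytes = base64.b64decode(saml_b64, validate=True)
    # SAML needs no DTD; refusing one avoids entity-expansion abuse of the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    c14n = sum(1 for _ in root.iter(f"{{{DSIG}}}CanonicalizationMethod"))
    transforms = sum(1 for _ in root.iter(f"{{{DSIG}}}Transform"))
    return c14n, transforms

def is_suspicious(saml_b64, limit=MAX_METHODS):
    """True if the message exceeds the limit or cannot be decoded and parsed."""
    try:
        c14n, transforms = count_methods(saml_b64)
    except (ValueError, ET.ParseError):
        return True  # undecodable or malformed SAML also deserves review
    return c14n + transforms > limit

def build_sample(n_transforms):
    """Constructed sample: a skeletal SAML Response with n Transform elements."""
    algo = "http://www.w3.org/2001/10/xml-exc-c14n#"
    transforms = f'<ds:Transform Algorithm="{algo}"/>' * n_transforms
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:ds="{DSIG}"><ds:Signature><ds:SignedInfo>'
        f'<ds:CanonicalizationMethod Algorithm="{algo}"/>'
        '<ds:Reference URI="#_constructed">'
        f'<ds:Transforms>{transforms}</ds:Transforms>'
        '</ds:Reference></ds:SignedInfo></ds:Signature></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for n in (2, 20):
        sample = build_sample(n)
        print(n, count_methods(sample), is_suspicious(sample))
```

A flagged message is a lead for review alongside the vendor's patch guidance, not proof of compromise.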
NetScaler Application Delivery Controller (ADC) is a hardware and software network controller that is a full-featured solution for handling and distributing traffic and managing applications that run on the network. One of the main features of the NetScaler ADC is server load balancing, which allows requests to be distributed across multiple servers, ensuring that requests are processed evenly and preventing congestion.
Citrix NetScaler Gateway is a secure application access solution that extends the capabilities of NetScaler ADC and enables users to securely connect to applications using SSL encryption and VPN connections. At the same time, Citrix NetScaler Gateway provides flexible policies and mechanisms for authentication, access control, and real-time threat protection at the data and application layers.
In the mass exploitation of CVE-2023-3519 since 20 July this year, about 640 Citrix NetScaler ADC and Gateway servers worldwide are known to have already been compromised and infected with backdoors. Years earlier, the ransomware groups REvil and DoppelPaymer exploited similar Citrix NetScaler ADC and Gateway vulnerabilities to compromise corporate networks.
It should be noted that an attacker taking advantage of the vulnerability can inject malware, steal sensitive data and launch further attacks on the network, compromising the security of the entire network infrastructure.
It is also worth noting that on 18 July 2023, Citrix published a security bulletin that, in addition to CVE-2023-3519, reported two more vulnerabilities affecting NetScaler ADC and NetScaler Gateway products: CVE-2023-3466 and CVE-2023-3467.
The National Computer Incident Response Service sent notifications to IP address owners via MISP and email advising them to apply the recommendations immediately to avoid possible risks and threats to information security.
Recommendations for users of Citrix products are available at cert.gov.kz.
If you have encountered an information security incident, please inform us by calling the toll-free number 1400 (24 hours a day), via the Telegram bot @KZ_CERT_chat_bot or by email: email@example.com.