CVE-2023-3519: Critical Unauthenticated RCE Vulnerability in Citrix ADC and Citrix Gateway

Share :

On 18 July, 2023, Citrix disclosed a critical authentication bypass vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers, and was responsibly disclosed to Citrix. This vulnerability could allow a threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other types of malicious campaigns.

Although no public proof-of-concept vulnerability is available yet, Citrix has stated that this vulnerability has been seen exploited in the wild. CISA’s Known Exploited Vulnerabilities Catalog lists Citrix ADC and Citrix Gateway among the products actively exploited. The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have advised that Chinese state-sponsored threat actors have exploited vulnerabilities in Citrix ADC, and Arctic Wolf has reviewed evidence of Russian-affiliated ransomware groups leveraging vulnerabilities in these products as well. We therefore strongly recommend upgrading to the patched versions on the impacted devices to prevent potential exploitation.

This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected.

Recommendation for CVE-2023-3519: Upgrade to Patched Versions of Citrix ADC or Citrix Gateway

Affected customers are recommended to download and install the following updated versions as soon as possible:

Affected version Patched version
NetScaler ADC and NetScaler Gateway  13.1  before 13.1-49.13 NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 NetScaler ADC and NetScaler Gateway 13.0-91.13  and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.159 NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.297 NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.297 NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP
NetScaler ADC and NetScaler Gateway version 12.1 (EOL) N/A


Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL and customers on those versions are recommended to upgrade to one of the supported versions.

Please follow your organisations patching and testing guidelines to avoid any operational impact.


James Liolios

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.
Share :
Table of Contents