Citrix confirms two new NetScaler vulnerabilities as firms urged to patch immediately
Citrix has issued patches for two new vulnerabilities in its NetScaler ADC and Gateway appliances


Citrix has urged firms to apply new updates after the discovery of two vulnerabilities in its NetScaler ADC and NetScaler Gateway products.
The two vulnerabilities, CVE-2023-6548 and CVE-2023-6549, come just months after the company struggled to contain the critical Citrix Bleed security flaw.
CVE-2023-6549 consists of a denial of service (DoS) vulnerability in the NetScaler ADC and Gateway appliances. With an 8.2 CVSS rating this flaw is judged to be a high-severity vulnerability that hackers can exploit if the appliance has been configured as a gateway or AAA virtual server.
A blog published by Citrix’s parent company, the Cloud Software Group, revealed the firm is aware of a “limited number of exploits of each vulnerability in the wild”.
The company was unable to provide any mitigations or workarounds to this vulnerability, urging customers download and apply the permanent fixes available for NetScaler ADC and NetScaler Gateway as soon as possible.
The vulnerability CVE-2023-6548 is an authenticated remote code execution (RCE) exploit involving the management interface, classified as a 5.5 on the CVSS.
The relatively low severity rating could reflect the fact that exploiting this vulnerability requires an authenticated attacker with low level privileges to have access to NetScaler IP (NSIP), Subnet IP (SNIP), or cluster management IP (CLIP) with access to the system’s management interface.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
In addition to immediately installing the recommended builds, customers are advised to ensure they have not exposed the management interface on the public internet and instead use a private network to host the NetScaler management IP.
A difficult period for Citrix only gets worse
CVE-2023-6548 and CVE-2023-6549 are the second and third vulnerabilities discovered in Citrix appliances over the previous four months, with 2024 picking up where a challenging 2023 left off.
A critical vulnerability in the NetScaler system that became known as Citrix Bleed, or CVE-2023-4966, was identified by the company on 10 October 2023.
This critical security flaw enabled threat actors to steal sensitive information through Citrix devices and received a 9.2 CVSS rating.
The prevalence of NetScaler gateways used for single sign-on (SSO) and remote access systems for large enterprises meant this security flaw could have serious ramifications if widely exploited.
On 15 November 2023, ITPro reported ransomware gangs were still capitalizing on the flaw to target several high profile organizations, including Chinese bank ICBC, who reportedly paid a ransom in order to resume operations.
CVE-2023-6548 and CVE-2023-6549 appear to be less dangerous vulnerabilities, with researchers at security firm Tenable, Satnam Narang and Scott Caveza, predicting they will not be as widely exploited as Citrix Bleed.
RELATED RESOURCE
Discover where network monitoring tools fail based on end-user connectivity
DOWNLOAD NOW
“The impact from these two new zero-day vulnerabilities is not expected to be as significant as Citrix Bleed. Nonetheless, organizations that do use these appliances in their networks should apply the available patches as soon as possible."
Chris Morgan, senior cyber threat intelligence analyst at security company ReliaQuest, said CVE-2023-6548 has the potential to be a significant vulnerability by virtue of the number of attackers who will try to exploit it.
“Of the two vulnerabilities, CVE-2023-6548, is likely to receive a significant amount of interest from threat actors. The vulnerability, a remote code execution (RCE) vulnerability, can be exploited by an authenticated attacker with low privileges if they are able to access NetScaler IP (NSIP), Subnet IP (SNIP), or cluster management IP (CLIP) with access to the appliance’s management interface.”
Morgan predicted the number of attempts to exploit this vulnerability will increase considerably once a working proof of concept is published.
“The scale of exploitation of this issue is currently unclear, however will likely increase dramatically once a working proof of concept (PoC) is released; given the likely interest in these vulnerabilities, this will likely surface in the short-term (1- 3 months). Users are highly recommended to upgrade susceptible appliances that support these vulnerabilities. Additionally, ensuring logging adequately provides visibility of susceptible appliances, to assist with detection of suspicious activity.”

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Citrix mulling potential sale after tumultuous 2021
News Share prices have tumbled due to consecutive quarters of "mixed" financial results
-
Citrix ShareFile review: Slick collaboration, stonking price
Reviews An affordable cloud service that’s easy to manage and perfect for businesses that need to share huge files
-
Server virtualization: What is it and what are the benefits?
In-depth Server virtualization offers a quick and effective way of creating a more efficient IT infrastructure, but how does it work?
-
Everything you need to know about Citrix
In-depth A comprehensive guide to Citrix, tracing its history from on-premises virtualization to cloud services, highlighting key acquisitions and business mission
-
Citrix ShareFile: grown-up file sharing
In-depth Steve Cassidy takes a look at what ShareFile has to offer.
-
Citrix Synergy 2013: Citrix eyes mobile enterprise with latest XenDesktop version
News First fruits of Project Avalon are borne as Citrix offers businesses a way to maximise legacy Windows app investments in the mobile world.
-
Citrix Synergy 2012: Citrix takes a legendary turn with project Avalon
News Virtualisation giant stretches 'as a service' possibilities with mythical new offering.
-
Citrix Synergy 2012: Citrix and Cisco team up to push cloud services
News Firms to develop unified a access point for applications, data, voice and video.