Citrix Urges Immediate Patching of Netscaler Appliances to Counteract Zero-Day Vulnerabilities
ICARO Media Group
In a recent advisory, Citrix has urged its customers to promptly update their NetScaler ADC and NetScaler Gateway appliances against two zero-day vulnerabilities that are being actively exploited. The first, CVE-2023-6548 (CVSS 5.5), is an authenticated remote code execution flaw in the appliance's management interface. The second, CVE-2023-6549 (CVSS 8.2), is a denial-of-service flaw in appliances configured as a Gateway or as an AAA virtual server. Only the code execution bug lives in the management interface; the denial-of-service bug is reachable through the appliance's user-facing virtual servers.
The preconditions differ. To exploit the code execution vulnerability, an attacker must already be authenticated to a low-privilege account on the targeted appliance and must have network access to the NSIP (the NetScaler IP), a CLIP (cluster IP), or a SNIP (subnet IP) on which management access is enabled. The denial-of-service vulnerability requires no credentials, but the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
Only customer-managed NetScaler appliances are affected; Citrix-managed cloud services and Citrix-managed Adaptive Authentication are not. Citrix's advisory lists the affected builds: NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35, 13.1 before 13.1-51.15, and 13.0 before 13.0-92.21, plus NetScaler ADC 13.1-FIPS before 13.1-37.176, 12.1-FIPS before 12.1-55.302, and 12.1-NDcPP before 12.1-55.302. Administrators can confirm their build from the output of the "show ns version" CLI command.
According to the Shadowserver Foundation, a non-profit threat monitoring organization, roughly 1,500 NetScaler management interfaces are currently exposed on the internet. Because CVE-2023-6548 only requires a low-privilege login once the management interface is reachable, an exposed interface turns a weak or reused credential into a remote code execution path, which is why administrators should patch immediately.
Citrix says it has observed exploitation of both vulnerabilities on unpatched appliances and strongly urges affected customers to install the fixed builds without delay.
Customers still running NetScaler ADC and NetScaler Gateway 12.1 are advised to upgrade to a supported release: the mainline 12.1 branch is end-of-life and will not receive a fix, whereas the 12.1-FIPS and 12.1-NDcPP branches do have fixed builds. Where the updates cannot be deployed immediately, administrators should restrict network access to the vulnerable instances, above all to the management interface, and ensure they are not reachable from the internet.
As a standing hardening measure, Citrix recommends that traffic to the appliance's management interface be separated, physically or logically, from ordinary production traffic, and that the management interface never be exposed to the internet. An internet-facing management interface removes the main barrier an attacker faces with CVE-2023-6548.
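The checks above (is the build older than the fixed one, is a Gateway or AAA virtual server configured, and which IPs accept management traffic and from where) can be run offline against output copied from the appliance's CLI. The following is an added example written for this article, not a tool from Citrix or from the original advisory. It parses constructed samples of "show ns version" and "show ns runningConfig" output; the fixed builds are the 14.1/13.1/13.0 mainline builds from the advisory (FIPS and NDcPP branches are reported as "check-advisory"), and the INTERNAL_NETS list is an assumption standing in for an organisation's own internal ranges.

```python
"""
Offline triage helper for CVE-2023-6548 / CVE-2023-6549 on a customer-managed
NetScaler. Added example for this article; not Citrix's code. It reads the
text of `show ns version` and `show ns runningConfig` and reports whether the
build is fixed, which IPs accept management traffic (NSIP, CLIP, SNIP with
-mgmtAccess ENABLED), and whether a Gateway/AAA vserver is configured.
"""
import ipaddress
import re

# Minimum fixed mainline builds from Citrix's advisory (CTX584986).
# FIPS / NDcPP branches are deliberately left out and reported separately.
FIXED_BUILDS = {"14.1": (12, 35), "13.1": (51, 15), "13.0": (92, 21)}

# Assumption for this example: the organisation's internal ranges. A management
# IP outside them is treated as reachable from untrusted networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")


def parse_version(show_ns_version):
    """Return (release, (build_major, build_minor)) from `show ns version` text."""
    m = VERSION_RE.search(show_ns_version)
    if not m:
        raise ValueError("unrecognised `show ns version` output")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def build_status(release, build):
    """'patched', 'vulnerable', 'eol' (12.1 mainline) or 'check-advisory'."""
    if release == "12.1":            # mainline 12.1 is end-of-life, no fix
        return "eol"
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:                # e.g. FIPS/NDcPP branches or unknown release
        return "check-advisory"
    return "patched" if build >= fixed else "vulnerable"


def management_ips(running_config):
    """IPs that accept management traffic: NSIP, CLIPs, SNIPs with mgmtAccess."""
    ips = []
    for raw in running_config.splitlines():
        line = raw.strip()
        m = re.match(r"set ns config -IPAddress (\S+)", line)
        if m:                        # the NSIP always carries management access
            ips.append(("NSIP", m.group(1)))
            continue
        m = re.match(r"add ns ip (\S+) \S+(.*)", line)
        if m:
            ip, opts = m.group(1), m.group(2)
            if "-type CLIP" in opts:
                ips.append(("CLIP", ip))
            elif "-mgmtAccess ENABLED" in opts:   # default for a SNIP is DISABLED
                ips.append(("SNIP", ip))
    return ips


def has_gateway_or_aaa_vserver(running_config):
    """CVE-2023-6549 precondition: a VPN (Gateway) or authentication (AAA) vserver."""
    return any(re.match(r"add (vpn|authentication) vserver ", l.strip())
               for l in running_config.splitlines())


def exposed_management_ips(mgmt_ips):
    """Management IPs that fall outside the assumed internal ranges."""
    return [(kind, ip) for kind, ip in mgmt_ips
            if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)]


def triage(show_ns_version, running_config):
    release, build = parse_version(show_ns_version)
    status = build_status(release, build)
    mgmt = management_ips(running_config)
    return {
        "release": release,
        "build": build,
        "status": status,
        "management_ips": mgmt,
        "exposed_management_ips": exposed_management_ips(mgmt),
        # CVE-2023-6548: unfixed build plus a management-reachable IP (a low-priv login is still needed)
        "cve_2023_6548_exposed": status != "patched" and bool(mgmt),
        # CVE-2023-6549: unfixed build plus a Gateway or AAA vserver
        "cve_2023_6549_exposed": status != "patched" and has_gateway_or_aaa_vserver(running_config),
    }


# Constructed sample output (not from a real appliance): an unfixed 13.1 build,
# a SNIP with management access on a non-internal address, and a Gateway vserver.
SAMPLE_VERSION = ("        NetScaler NS13.1: Build 50.23.nc, Date: Nov 14 2023, 17:25:48   (64-bit)\n"
                  " Done\n")
SAMPLE_CONFIG = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add ns ip 10.0.0.11 255.255.255.0 -vServer DISABLED
add ns ip 203.0.113.20 255.255.255.0 -vServer DISABLED -mgmtAccess ENABLED
add vpn vserver gw_vs SSL 203.0.113.10 443
add lb vserver web_lb HTTP 10.0.0.50 80
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_VERSION, SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Paste real output in place of the constructed samples; a management IP flagged as exposed is the first thing to fix even before the upgrade window, since removing -mgmtAccess from a SNIP (or putting the NSIP behind a filtered management network) cuts off the CVE-2023-6548 path entirely.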
This is not the first time Citrix's NetScaler appliances have faced critical flaws. In October 2023, a critical NetScaler vulnerability tracked as CVE-2023-4966 (known as Citrix Bleed), which leaks session tokens from appliance memory and lets an attacker hijack authenticated sessions, was exploited as a zero-day by threat groups worldwide against government organizations and high-profile companies such as Boeing.
The Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health and Human Services (HHS) has also issued an alert urging healthcare organizations to secure their NetScaler ADC and NetScaler Gateway instances, since the same appliances are a favoured entry point for ransomware operators.
Given the active exploitation of both vulnerabilities, Citrix's advisory is a clear signal for organizations to patch their NetScaler appliances immediately and, regardless of patch status, to keep the management interface off the internet.