This week, Citrix’s NetScaler ADC and NetScaler Gateway products are under active attack thanks to two zero-day vulnerabilities - CVE-2023-6549 and CVE-2023-6548. CVE-2023-6548 (CVSS 5.5) is a vulnerability that allows attackers to remotely execute code on management interfaces, while CVE-2023-6549 (CVSS 8.2) is a denial-of-service vulnerability.  

The affected NetScaler ADC and NetScaler Gateway versions are as follows:  

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35 
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15 
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21 
  • NetScaler ADC 13.1-FIPS before 13.1-37.176 
  • NetScaler ADC 12.1-FIPS before 12.1-55.302 
  • NetScaler ADC 12.1-NDcPP before 12.1-55.302 

Citrix's Cloud Software Group suggests keeping the network traffic to the appliance's management interface separate, either by physically or logically separating it from the regular network traffic. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical directive to all U.S. federal agencies regarding the security of their systems. Patching for CVE-2023-6548 should be completed within one week, by Wednesday, January 24. Patching for CVE-2023-6549 should be completed within three weeks, by February 7.  



avertium's recommendationS

  • Citrix recommends that customers using NetScaler ADC and Gateway, install the relevant updates as soon as possible. The security advisory provides detailed information on affected versions and mitigation steps. 
  • As stated above, Cloud Software Group recommends separating network traffic to the appliance’s management interface and not exposing it to the internet to reduce the risk of exploitation.  




At this time, there are no known IoCs associated with CVE-2023-6549 and CVE-2023-6548. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.    



How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 



NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 (citrix.com) 

New zero-days in Citrix NetScaler ADC, Gateway under attack | TechTarget 

CISA pushes federal agencies to patch Citrix RCE within a week (bleepingcomputer.com) 


Chat With One of Our Experts

Citrix Gateway vulnerability citrix netscaler vulnerability Citrix Citrix ADC vulnerability Zero-Day Vulnerability Flash Notice Citrix Vulnerability Blog