Unauthenticated remote code execution vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway)
CVE-2023-3519
The CSSF has been made aware of a recent severe security vulnerability, 2023-3519. This is an unauthenticated remote code execution (RCE), affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-75/.
The CSSF strongly recommends all supervised entities concerned to take duly note of this report and to take actions as appropriate.