Communiqué

Vulnérabilité d’exécution non authentifiée de code à distance dans NetScaler ADC (anciennement Citrix ADC) et NetScaler Gateway (anciennement Citrix Gateway) (uniquement en anglais)

CVE-2023-3519

The CSSF has been made aware of a recent severe security vulnerability, 2023-3519. This is an unauthenticated remote code execution (RCE), affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL: https://circl.lu/pub/tr-75/.

The CSSF strongly recommends all supervised entities concerned to take duly note of this report and to take actions as appropriate.