Governance & Risk Management , Patch Management

NetScaler, Atlassian, VMware Disclose Critical Flaws

Citrix NetScaler ADC and Gateway Bugs Exploited in the Wild
NetScaler, Atlassian, VMware Disclose Critical Flaws
Tuesday was a heavy day for patches. (Image: Shutterstock)

IT infrastructure mainstays including NetScaler, Atlassian and VMware on Tuesday released fixes for vulnerabilities including some allowing malicious takeover of appliances.

See Also: Cyber Hygiene and Asset Management Perception vs. Reality

NetScaler - formerly known as Citrix - warned customers of two zero-day vulnerabilities that researchers say are being exploited in the wild.

One flaw, tracked as CVE-2023-6548, allows attackers with access to low-privilege accounts to potentially execute remote code on NetScaler ADC and Gateway appliances. The flaw, NetScaler said, only affects the management interface, which should not be exposed to the internet.

The other flaw, tracked as CVE-2023-6549, could result in denial of service if the appliance is configured as a gateway, such as VPN virtual server.

Only customer-managed NetScaler appliances are affected; NetScaler-managed cloud services are not.

The Shadowserver Foundation reported finding more than 1,400 exposed NetScaler management interfaces on the internet. British cybersecurity researcher Kevin Beaumont downplayed the overall impact of the bugs since they require of access and account rights. "I don't think they will be impactful, i.e. don't drop everything, patch as usual, unless the information changes. The RCE one needs management interface access and an account according to Citrix," Beaumont said on Mastadon.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday added the two vulnerabilities to its known exploited vulnerabilities catalog.

Atlassian Patches Critical Bugs

Australian tech firm Atlassian released patches for more two dozen vulnerabilities, including a critical remote code execution flaw tracked as CVE-2023-22527 that affects Confluence Data Center and Confluence Server products.

The Australian Cyber Security Center issued a security advisory recommending that organizations follow guidance issued by Atlassian.

CVE-2023-22527 is a template injection vulnerability on out-of-date versions of Confluence Data Center and Server instances that allows an unauthenticated attacker remote code execution on an affected version, Atlassian said. The company advised users of out-of-date instances to update their installations to the latest available version.

Security researcher Petrus Viet, credited for discovering this vulnerability, said in a post on X, formerly Twitter, that the bug was present in a previous version, meaning those who updated their servers in December are not affected. The company nonetheless created a CVE for its unpatched customers and awarded a bounty to the researcher.

VMware Patches Aria Automation Flaw

VMware issued a patch for a bug in VMware Aria Automation, telling customers the flaw "qualifies as an emergency change, necessitating prompt action." The company said it is not aware of exploits in the wild.

Tracked as CVE-2023-34063, the flaw allows an authenticated attacker to gain access to organizations and workflows. Aria Automation is a multi-cloud provisioning service.

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.