Latest news »

Escalating privileges in Citrix ADC

Part of Citrix’s solution line-up, Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing solution.

In March 2023, two of Resillion’s ethical hackers (Jorren Geurts & Wouter Rijkbost) identified a vulnerability within Citrix ADC that allowed anyone with access to the management interface to escalate their privileges up to root. Essentially giving them full control over the system, which could be used to gain access to sensitive data, disrupt business processes, run malicious commands, install malware, and gain further access into the network. The vulnerability was disclosed to Citrix on March 15, 2023 under their Responsible Disclosure program.

Read more about the vulnerability here: Resillion Citrix Vulnerability Report

On July 18, 2023, the following CVE was assigned: CVE-2023-3467.

Affected versions:

  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
  • NetScaler ADC 13.1-FIPS before 13.1-37.159
  • NetScaler ADC 12.1-FIPS before 12.1-55.297
  • NetScaler ADC 12.1-NDcPP before 12.1-55.297

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.

Here to help

Get in touch with our team of experts

Contact us now

Our Accreditations and Certifications

Crest Accreditation Resillion
Check Penetration Testing
RvA L690 Accreditation
ISO 27001
ISO 9001 Resillion
CCV Cyber Pentest
Cyber Essentials
CE+assessor

Contact Us