On July 20, CISA warned about the exploitation of an unauthenticated remote code execution vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller and NetScaler Gateway. Attackers first exploited this vulnerability in June, when unidentified hackers used it as a zero-day to implant a webshell on a NetScaler appliance to collect and exfiltrate Active Directory data. This vulnerability is tracked as CVE-2023-3519 with a critical CVSS score of 9.8.
In the past three days, Imperva has seen a few thousand attacks targeting primarily US and Australian sites in the financial services, business, and telecommunications industries. Interestingly, despite making up less than half of the attacking IPs, UK-based attackers accounted for almost 85% of the total exploitation attempts.
All of these vulnerabilities are blocked out of the box by Imperva Cloud WAF. Imperva WAF Gateway customers are automatically protected if they are subscribed to ThreatRadar Emergency Feeds; otherwise, they will need to manually enable the signatures. As an additional precaution, all NetScaler customers should install the recommended patches.
Imperva is monitoring the situation and will provide updates as they become available.