The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization’s non-production environment NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network-segmentation controls for the appliance blocked movement. The victim organization identified the compromise and reported the activity to CISA and Citrix. Citrix released a patch for this vulnerability on July 18, 2023.

This advisory provides tactics, techniques, and procedures (TTPs) and detection methods shared with CISA by the victim. CISA encourages critical infrastructure organizations to use the detection guidance included in this advisory for help with determining system compromise. If potential compromise is detected, organizations should apply the incident response recommendations provided in this CSA. If no compromise is detected, organizations should immediately apply patches provided by Citrix.