In recent developments, several critical vulnerabilities have been identified in widely used software, exposing users to potential security risks. Citrix has issued alerts regarding the presence of two zero-day security vulnerabilities in NetScaler ADC (formerly known as Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities are currently under active exploitation in the wild. In a separate incident, VMware has notified its customers of a critical security vulnerability within Aria Automation, previously identified as vRealize Automation. This flaw poses a risk of enabling authenticated attackers to gain unauthorized access to remote organizations and workflows. Additionally, Atlassian has recently addressed a comprehensive list of vulnerabilities, among which is a critical remote code execution (RCE) flaw affecting Confluence Data Center and Confluence Server. Furthermore, Google has responded to an actively exploited zero-day vulnerability in its Chrome browser by releasing necessary updates to mitigate the associated risks. Organizations and individuals using Citrix, VMware, Atlassian, and Chrome are urged to take immediate action to secure their systems.
Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) Vulnerabilities
- CVEs:
- CVE-2023-6548 (CVSS score: 5.5) – Authenticated (low privileged) remote code execution on Management Interface (requires access to NSIP, CLIP, or SNIP with management interface access)
- CVE-2023-6549 (CVSS score: 8.2) – Denial-of-service (requires that the appliance be configured as a Gateway or authorization and accounting, or AAA, virtual server)
- Impacted Versions:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC and NetScaler Gateway version 12.1 (currently end-of-life)
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302, and
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
- Exploitability:
- Exploits of these CVEs on unmitigated appliances have been observed.
- Multiple vulnerabilities in Citrix appliances such as CVE-2023-3519 and CVE-2023-4966 have been exploited in the past for dropping web shells and hijacking authenticated sessions.
- Recommendations:
- Users of NetScaler ADC and NetScaler Gateway version 12.1 are recommended to upgrade their appliances to a supported version that patches the flaws.
- Also, it is recommended to not expose the management interface public to the internet to reduce the risk of the vulnerability’s exploitation.
VMware Aria Automation Vulnerability
- CVE:
- CVE-2023-34063 (CVSS score: 9.9) – A missing access control flaw that could allow an authenticated attacker to gain unauthorized access to remote organizations and workflows.
- Impacted Versions:
- VMware Aria Automation (8.11.x, 8.12.x, 8.13.x, and 8.14.x)
- VMware Cloud Foundation (4.x and 5.x)
- Recommendations:
- To remediate CVE-2023-34063 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ of VMware’s advisory.
- The only supported upgrade path after applying the patch is to version 8.16 otherwise the vulnerability will be reintroduced, requiring an additional round of patching.
Atlassian Confluence Data Center and Confluence Server Vulnerability
- CVE:
- CVE-2023-22527 (CVSS score: 10.0) – A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version.
- Impacted Versions:
- Confluence Data Center and Server 8.0.x
- Confluence Data Center and Server 8.1.x
- Confluence Data Center and Server 8.2.x
- Confluence Data Center and Server 8.3.x
- Confluence Data Center and Server 8.4.x
- Confluence Data Center and Server 8.5.0-8.5.3
- Recommendations:
- The issue has been addressed in versions 8.5.4, 8.5.5 (Confluence Data Center and Server), 8.6.0, 8.7.1, and 8.7.2 (Data Center only). Users who are on out-of-date instances are recommended to update their installations to the latest version available.
Chrome Zero-Day Vulnerability
- CVE:
- CVE-2024-0519 – Out of bounds memory access in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Impacted Versions:
- Google Chrome prior to 120.0.6099.224
- Exploitability:
- Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.
- Last year, Google resolved a total of 8 actively exploited zero-days in Chrome.
- Recommendations:
- Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.
- Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
References
- https://www.bleepingcomputer.com/news/security/citrix-warns-of-new-netscaler-zero-days-exploited-in-attacks/
- https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-rce-flaw-in-older-confluence-versions/
- https://www.bleepingcomputer.com/news/security/google-fixes-first-actively-exploited-chrome-zero-day-of-2024/
- https://thehackernews.com/2024/01/citrix-vmware-and-atlassian-hit-with.html
- https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html
- https://www.vmware.com/security/advisories/VMSA-2024-0001.html
- https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
- https://nvd.nist.gov/vuln/detail/CVE-2023-34063
- https://nvd.nist.gov/vuln/detail/CVE-2023-22527
- https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
- https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-0519