A critical vulnerability in Citrix NetScaler has resulted in 13 “nationally significant incidents” in the UK this year, as reported by the UK’s National Cyber Security Centre (NCSC). The alert follows Citrix’s warning in July regarding a zero-day leak actively exploited in attacks, for which Citrix subsequently released updates. This year, the NCSC received a record-breaking two thousand reports on security incidents.
The majority of these incidents revolved around the exploitation of vulnerabilities in applications, aiming to gain unauthorized access to organizational networks. The NCSC specifically highlights the Citrix leak identified as CVE-2023-3519. This vulnerability allows an unauthenticated attacker to seize control of vulnerable servers, including the NetScaler ADC and NetScaler Gateway. The latter is widely employed by numerous companies to enable remote staff to access business systems from home.
Exploitation of this vulnerability led to the occurrence of “thirteen several nationally significant incidents,” according to the NCSC. However, specific details regarding these incidents and their repercussions have not been disclosed. The NCSC’s 2023 annual report emphasized proactive measures, stating, “To prevent such incidents caused by poor cyber hygiene, the NCSC has sent more than 16,000 reports about vulnerable applications through the alert service.”