CVE-2023-3467
published 2023-07-19

CVE-2023-3467: Privilege Escalation to root administrator (nsroot)

Priority: P2 · 78 · high · 8 (CVSS 3.1)
CVSS 3.1 vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV; exploited in the wild
EPSS: 2.10% (79.3th percentile)

Affected (19 ranges)

Vendor   Product                                      Version range                 Fixed in
citrix   citrix_adc
citrix   citrix_gateway
citrix   netscaler_adc
citrix   netscaler_adc                                >= 12.1-FIPS  < 55.297        55.297
citrix   netscaler_adc                                >= 12.1-NDcPP < 55.297        55.297
citrix   netscaler_adc                                >= 13.0       < 91.13         91.13
citrix   netscaler_adc                                >= 13.1       < 49.13         49.13
citrix   netscaler_adc                                >= 13.1-FIPS  < 37.159        37.159
citrix   netscaler_application_delivery_controller
citrix   netscaler_application_delivery_controller    >= 12.1       < 12.1-55.297   12.1-55.297
citrix   netscaler_application_delivery_controller    >= 13.0       < 13.0-91.13    13.0-91.13
citrix   netscaler_application_delivery_controller    >= 13.1       < 13.1-37.159   13.1-37.159
citrix   netscaler_application_delivery_controller    >= 13.1       < 13.1-49.13    13.1-49.13
citrix   netscaler_gateway
citrix   netscaler_gateway                            >= 13.0       < 91.13         91.13
citrix   netscaler_gateway                            >= 13.0       < 13.0-91.13    13.0-91.13
citrix   netscaler_gateway                            >= 13.1       < 49.13         49.13
citrix   netscaler_gateway                            >= 13.1       < 13.1-49.13    13.1-49.13
citrix   xenserver

Detection & IOCs (extracted from sources)

hash: 293fe23849cffb460e8d28691c640a5292fd4649b0f94a019b45cc586be83fd9
  • Palo Alto Networks Threat Prevention signature 94145 can help block attacks related to this CVE cluster (CVE-2023-3519/3466/3467).
  • CVE-2023-3467 requires authenticated access to NSIP or SNIP with management interface access; monitor for unexpected privilege escalation to nsroot on NetScaler management interfaces.
  • CVE-2023-3467 exploitation requires the attacker to already have authenticated access to the NSIP or SNIP with management interface access; it is not unauthenticated.
  • Only customer-managed (not Citrix-managed) NetScaler ADC and NetScaler Gateway appliances are vulnerable; Citrix-managed instances have already been mitigated.
  • NetScaler ADC and NetScaler Gateway version 12.1 is End of Life (EOL) and will not receive patches; customers must upgrade to a supported version.

CVSS provenance

NVD (v3.1):  8.0 HIGH  CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheck:   8.0 HIGH