NHS England Issues Cyber Alert for Exploited CVE-2023-6548 Vulnerability in NetScaler Devices
The NHS England National Cyber Security Operations Centre (CSOC) has issued a cyber alert following new intelligence from CrowdStrike regarding CVE-2023-6548, a vulnerability in Citrix's NetScaler Gateway and NetScaler ADC appliances that is currently being exploited in the wild. Initially rated as medium severity, the vulnerability has since been reassessed at a substantially higher severity: it allows a remote attacker holding low-privileged credentials for the appliance's management interface (reachable via the NSIP, the CLIP, or a SNIP with management access enabled) to execute arbitrary code on the device. Note that it is not an unauthenticated flaw; the attacker needs an account on the appliance and network reachability to the management interface, which is exactly why exposed management interfaces are the cases to find first.
CVE-2023-6548 is classed as CWE-94, improper control of generation of code ('code injection'), and was initially disclosed by Citrix with a CVSSv3 base score of 5.5 (Medium). However, further analysis by CrowdStrike indicates that the vulnerability is far more severe than first reported. The National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) has assigned a CVSSv3 base score of 8.8 (High) with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the privileges-required component is still Low, but confidentiality, integrity and availability impact are all rated High, reflecting full code execution on the appliance.
Citrix has confirmed active exploitation of this vulnerability against unmitigated appliances, meaning attackers are already targeting unpatched systems. Organizations running affected products should treat remediation as urgent.
Due to the escalated severity and ongoing attacks, the NHS England CSOC strongly recommends updating to the latest available versions of NetScaler ADC and NetScaler Gateway software. At the time of the alert these are:
- 14.1 build 25.56
- 13.1 build 53.24
- 13.0 build 92.31
Citrix's own advisory (CTX584986) gives lower minimum fixed builds (14.1-12.35, 13.1-51.15, 13.0-92.21, plus 13.1-FIPS 13.1-37.176 and 12.1-FIPS/12.1-NDcPP 12.1-55.302), so any build at or above those is already patched; the mainline 12.1 release is End of Life and receives no fix, so appliances on 12.1 must be upgraded to a supported line. Citrix also recommends that management-interface traffic be separated, physically or logically, from normal network traffic and that the management interface never be exposed to the internet, which removes the reachability this vulnerability depends on while patching is scheduled.
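As an added example (not code from the NHS alert, Citrix, or CrowdStrike), the following Python script turns the build list above into an inventory check: it parses the first line of `show ns version` from each appliance, compares the build as an integer (major, minor) pair against the minimum fixed build for its release line, and flags End-of-Life 12.1 appliances as vulnerable regardless of build. The fixed-build table is taken from Citrix advisory CTX584986; the banner format is assumed from the standard `show ns version` output; the FIPS/NDcPP variant must be supplied by the caller because the banner alone does not distinguish those builds (an assumption made here); the hostnames and banners in the sample inventory are constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

# Minimum fixed builds per NetScaler release line for CVE-2023-6548, from Citrix
# advisory CTX584986 (vendor data, not from the NHS alert). The NHS alert recommends
# the latest builds available at the time (14.1-25.56, 13.1-53.24, 13.0-92.31),
# all of which sit above these minimums.
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "14.1": (12, 35),
    "13.1": (51, 15),
    "13.0": (92, 21),
    "13.1-FIPS": (37, 176),
    "12.1-FIPS": (55, 302),
    "12.1-NDcPP": (55, 302),
}

# Mainline 12.1 is End of Life: no fix ships for it, so every build is affected.
EOL_LINES = {"12.1"}

# Matches the first line of `show ns version` (assumed format), e.g.
# "NetScaler NS13.1: Build 50.23.nc, Date: Jul 25 2023, 10:51:13   (64-bit)"
VERSION_RE = re.compile(
    r"NetScaler NS(?P<line>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_version(banner: str) -> Optional[Tuple[str, int, int]]:
    """Return (release_line, build_major, build_minor), or None if unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return m.group("line"), int(m.group("major")), int(m.group("minor"))


def is_vulnerable(banner: str, variant: str = "") -> bool:
    """True if the build is below the first fixed build for its release line.

    `variant` is "FIPS" or "NDcPP" when the caller knows the appliance runs one
    of those builds (assumption: the plain banner does not say so).
    """
    parsed = parse_version(banner)
    if parsed is None:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    line, major, minor = parsed
    if variant:
        line = f"{line}-{variant}"
    if line in EOL_LINES:
        return True
    if line not in FIXED_BUILDS:
        raise ValueError(f"no fix data for release line {line}")
    # Compare as an integer pair, never as a float: build 92.9 is OLDER than
    # 92.18, but float(92.9) > float(92.18) would call it newer.
    return (major, minor) < FIXED_BUILDS[line]


def audit(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> 'VULNERABLE' / 'patched' / 'unknown' for each banner."""
    report: Dict[str, str] = {}
    for host, banner in inventory.items():
        try:
            report[host] = "VULNERABLE" if is_vulnerable(banner) else "patched"
        except ValueError:
            # Unparseable banner or unknown release line: never silently pass.
            report[host] = "unknown"
    return report


# Constructed sample inventory: hostnames and banners are invented for this example.
SAMPLE_INVENTORY = {
    "gw-01.example.nhs": "NetScaler NS13.1: Build 50.23.nc, Date: Jul 25 2023, 10:51:13   (64-bit)",
    "gw-02.example.nhs": "NetScaler NS13.1: Build 53.24.nc, Date: Jan 16 2024, 12:00:00   (64-bit)",
    "adc-01.example.nhs": "NetScaler NS14.1: Build 12.35.nc, Date: Jan 10 2024, 12:00:00   (64-bit)",
    "adc-02.example.nhs": "NetScaler NS12.1: Build 65.25.nc, Date: Dec 01 2023, 12:00:00   (64-bit)",
    "adc-03.example.nhs": "connection refused",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:22} {status}")
```

Feed it the banners collected from `show ns version` over SSH or from the NITRO API; anything reported as "unknown" (unreachable host, unrecognised release line) should be chased rather than assumed safe, and a "patched" result still says nothing about whether the management interface is reachable from untrusted networks.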