"Urgent Security Alert: Critical Zero-Day Exploits Target Atlassian, Citrix, and VMware Products"
Citrix has warned customers to immediately patch their Netscaler ADC and Gateway appliances against two actively exploited zero-day vulnerabilities, CVE-2023-6548 and CVE-2023-6549, which can lead to remote code execution and denial-of-service attacks. The vulnerabilities impact the Netscaler management interface and affect specific product versions. Citrix advises affected customers to install updated versions, separate the management interface from normal network traffic, and avoid exposing it to the internet to reduce the risk of exploitation. Additionally, a previous critical Netscaler flaw, CVE-2023-4966, was also exploited as a zero-day, prompting alerts from organizations like HHS' Health Sector Cybersecurity Coordination Center to secure their Netscaler instances against ransomware attacks.