    Date: 10/11/2023

    Citrix NetScaler Vulnerability Exploited

    Overview

    A previously disclosed vulnerability in Citrix NetScaler ADC and Gateway devices is being actively exploited. The vulnerability is tracked as CVE-2023-3519 (CVSS score: 9.8) and is an unauthenticated, remote code execution vulnerability that can be exploited by sending a crafted web request to a vulnerable system.

    Potential Impact

    Exploitation has been known to result in a web shell being dropped on the vulnerable system. Threat actors then use the web shell to insert a malicious script into the HTML content of the authentication web page to capture user credentials. Captured credentials are then likely sent to an attacker-controlled remote server.
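    One defender-side check for the tampering described above, added here as an example that is not part of the original briefing or of Citrix's code: it compares the script elements of a login page against a known-good baseline and reports anything unexpected. The baseline path, the inline script and the sample pages are constructed placeholders, not NetScaler's real files.

```python
import hashlib
from html.parser import HTMLParser

# Constructed baseline (placeholders, not NetScaler's real files): expected external
# script sources and SHA-256 digests of the expected inline scripts on the login page.
BASELINE = {
    "src": {"/static/login.js"},
    "inline_sha256": {hashlib.sha256(b"initLogin();").hexdigest()},
}

class ScriptCollector(HTMLParser):
    """Collect every <script> element: its src attribute or its inline body."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline = [], []
        self._in_script, self._buf = False, []
    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self._in_script, self._buf = True, []
    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf).strip())

def find_unexpected_scripts(html, baseline=BASELINE):
    """Return ('src', url) or ('inline', sha256) for each script not in the
    baseline, so an analyst can review it without executing page content."""
    p = ScriptCollector()
    p.feed(html)
    findings = [("src", s) for s in p.srcs if s not in baseline["src"]]
    for body in p.inline:
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest not in baseline["inline_sha256"]:
            findings.append(("inline", digest))
    return findings

# Constructed sample pages: a clean login page, and the same page with an
# unexpected inline script appended, standing in for an injected one.
CLEAN_PAGE = ('<html><body><form id="login"></form><script src="/static/login.js">'
              '</script><script>initLogin();</script></body></html>')
TAMPERED_PAGE = CLEAN_PAGE.replace(
    "</body>", "<script>/* constructed stand-in */</script></body>")
```

Run against a saved copy of the page on a schedule and alert on any non-empty result; a new external source or an inline script whose digest is not in the baseline is the signal to investigate.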

    Recommended Actions

    CVE-2023-3519 was addressed by Citrix in July 2023. If not already completed, ensure the updates are applied to prevent exploitation. Additionally, regular external and internal vulnerability assessments are recommended to ensure critical vulnerabilities such as CVE-2023-3519 are being addressed in a timely manner.


      CISA and NSA Release Joint Advisory on Common Misconfigurations

      Overview

      On October 6, 2023, CISA and the NSA released a joint advisory to “highlight the most common cybersecurity misconfigurations in large organizations” in a “plea for network defenders and software manufacturers to fix common problems.” This well-written article will be accessible to all audiences in the technical community. The misconfigurations listed in the advisory are:

      1. Default configurations of software and applications
      2. Improper separation of user/administrator privilege
      3. Insufficient internal network monitoring
      4. Lack of network segmentation
      5. Poor patch management
      6. Bypass of system access controls
      7. Weak or misconfigured multifactor authentication (MFA) methods
      8. Insufficient access control lists (ACLs) on network shares and services
      9. Poor credential hygiene
      10. Unrestricted code execution

      Potential Impact

      The GreyCastle incident response team regularly helps victim organizations that have experienced devastating data exfiltration and ransomware events stemming from the misconfigurations listed above.

      Recommended Actions

      This advisory represents a “back to basics” approach to cybersecurity program enhancement. It is an excellent reminder to security teams that focusing on the fundamental aspects of security and carefully configuring systems adhering to best practices will trump the next buzz-word compliant security technology they may want to purchase. For specific guidance on system configuration, GreyCastle Security often recommends CIS Benchmarks.

      Sources

      https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a

      https://www.cisecurity.org/cis-benchmarks

      Cisco Releases Security Updates for Multiple Products

      Overview

      On October 5, 2023, Cisco released security upgrades patching vulnerabilities for multiple Cisco Unified Communications products, as well as a critical vulnerability for its Cisco Emergency Responder product.

      Potential Impact

      Exploiting the critical vulnerability for Cisco Emergency Responder may allow “an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.” This can be an initial foothold for attackers from which devastating attacks can be launched. The vulnerabilities in the Unified Communication products can be leveraged to launch denial-of-service attacks.

      Recommended Actions

      Ensure that impacted products are upgraded as soon as possible.

      Sources

      https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9

      https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF

      https://www.cisa.gov/news-events/alerts/2023/10/05/cisco-releases-security-advisories-multiple-products

      How can we help?

      If you need assistance with any of the threats identified today, or with any other cybersecurity concerns, compliance issues or questions, please reach out through the contact button below. We stand ready to assist!
