National Cyber Coordination and Command Centre (NC4) has been alerted that several vulnerabilities affecting Citrix ADC instances are being actively exploited in the wild, carrying the potential for unauthenticated adversaries to expose session tokens. At the same time, a zero-day vulnerability in Zimbra's email server has been reported, which was actively exploited in targeted attacks by threat actors. NC4 would like to remind System Administrators and Network Administrators to implement sufficient cyber security measures to ensure that systems and networks are secure at all times.
Unauthorised access can result in valuable information, credentials, authentication tokens, and sensitive records being compromised and exploited by unknown entities, with potential impact on organisations and government.
A critical security flaw denoted as CVE-2023-4966 has been identified, impacting Citrix ADC instances. This vulnerability presents a substantial risk, potentially enabling unauthenticated attackers to expose session tokens. Significantly, remote exploitation of this vulnerability requires no user interaction.
In particular, Citrix NetScaler appliances configured as Gateways, encompassing VPN virtual servers, ICA Proxy, CVPN, and RDP Proxy, or those designated as AAA virtual servers, are susceptible to exploitation.
In a separate incident, Google's Threat Analysis Group (TAG) initially detected a zero-day vulnerability within Zimbra's email server in June. This reflected cross-site scripting (XSS) vulnerability was actively exploited in targeted attacks, prompting Zimbra to promptly address the security concern.
On July 5, 2023, Zimbra took immediate action by releasing a hotfix for the vulnerability on their public GitHub repository. To ensure widespread awareness and furnish organisations with timely guidance, Zimbra issued an initial advisory with comprehensive remediation recommendations on July 13, 2023.
Recognising the critical nature of the vulnerability, Zimbra expedited the remediation process, officially patching the vulnerability as CVE-2023-37580 on July 25, 2023. NC4 strongly advises organisations employing Zimbra's email server to expeditiously implement the provided patches and adhere to the outlined remediation guidance to fortify the security of their email infrastructure.
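To make the "reflected cross-site scripting" class named above concrete for administrators reviewing their own web-facing services, the following added example (not Zimbra's code and unrelated to the specific flaw behind CVE-2023-37580) shows the generic pattern: a hypothetical page handler that reflects a request parameter straight into HTML, the same handler hardened with output encoding, and a small check that tells the two apart. The query string and the marker tag are constructed sample values.

```python
import html
from urllib.parse import parse_qs

# Constructed sample input: a query string carrying a harmless marker tag.
# The marker only shows whether input is reflected into the page unencoded.
SAMPLE_QUERY = "q=<em>marker</em>"
MARKER = "<em>marker</em>"


def render_vulnerable(query_string: str) -> str:
    """Hypothetical handler: concatenates the raw 'q' parameter into HTML.

    This is the reflected-XSS pattern. Whatever the request carries in 'q'
    becomes part of the response markup without any encoding.
    """
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {q}</h1>"


def render_hardened(query_string: str) -> str:
    """Same page, with the parameter HTML-encoded before it enters the markup.

    html.escape turns <, >, &, and (with quote=True) quotes into entities, so
    the browser renders the text literally instead of parsing it as markup.
    """
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def reflects_unencoded(render, query_string: str, marker: str = MARKER) -> bool:
    """Return True when the marker tag appears verbatim in the rendered page.

    A True result means the handler reflects request input without encoding,
    which is the condition a reflected-XSS finding describes.
    """
    return marker in render(query_string)


if __name__ == "__main__":
    for name, handler in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{name}: reflects unencoded = {reflects_unencoded(handler, SAMPLE_QUERY)}")
```

The check is deliberately simple: it looks for the marker tag surviving into the response unchanged. In a real review the same idea is applied by sending a distinctive, harmless marker through each reflected parameter and confirming that the response carries it back only in encoded form.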
Citrix ADC, Citrix Gateway, Zimbra mail server.
Organisations are advised to be vigilant and to take the following actions:
https://nvd.nist.gov/vuln/detail/CVE-2023-4966#vulnConfigurationsArea
https://support.citrix.com/article/CTX579459
https://blog-google.cdn.ampproject.org/c/s/blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/amp/