Patch Released for Actively Exploited Citrix NetScaler Zero Day Vulnerability

Citrix has released patches to fix three vulnerabilities that affect the NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances – formerly Citrix ADC/Citrix Gateway – including a zero-day bug that is being actively exploited in the wild.

The solutions are used by healthcare organizations for remote access and for improving the performance, security, and resiliency of application delivery, including delivery of electronic medical records. The extent to which the vulnerability is being exploited has not been confirmed by Citrix; however, security researchers expect the vulnerability to be widely exploited now that it has been announced, as vulnerabilities in Citrix appliances are targeted by hackers of all skill levels.

The critical flaw is tracked as CVE-2023-3519 and has been assigned a CVSS v3.1 severity score of 9.8 out of 10. Successful exploitation of the flaw would allow a remote, unauthenticated attacker to execute code on a vulnerable appliance. The vulnerability can be exploited if the appliance is running a vulnerable version and is configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an authentication virtual server (AAA server).

The other two high-severity vulnerabilities are not believed to have been exploited at the time of the announcement. The first is a cross-site scripting vulnerability – CVE-2023-3466 – which has a CVSS severity score of 8.3. It can be exploited if the victim accesses an attacker-controlled link in a browser while on a network with connectivity to the NetScaler IP. The other vulnerability – CVE-2023-3467 – is a privilege escalation flaw with a CVSS score of 8.0. Exploitation allows privilege escalation to the root administrator account (nsroot). An attacker would need authenticated access to the NSIP or a SNIP with management interface access to exploit the flaw.

The vulnerabilities have been fixed in the following NetScaler ADC and NetScaler Gateway versions:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

Customers that are still using version 12.1 have been advised to upgrade to a supported version, as version 12.1 has reached end-of-life.
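The version list above is easy to misread, because the fixed build number depends on the branch (mainline 13.1 is fixed at 49.13, but 13.1-FIPS at 37.159, and 12.1 mainline gets no fix at all), and CVE-2023-3519 is only reachable when the appliance is configured as a gateway or AAA virtual server. The following script is an added example, not Citrix's tooling or anything from the article: it encodes the fixed builds and exposure conditions stated above and triages a constructed inventory. The build-string formats it accepts ('13.1-48.47', 'NS13.1 48.47', and the 'NS13.1: Build 48.47.nc' form that `show ns version` is assumed to print) and the role names are assumptions of this example.

```python
"""Triage NetScaler ADC / Gateway builds against the CVE-2023-3519 bulletin.

Added example code, not Citrix's tooling. Assumes the administrator knows which
branch variant (mainline, FIPS, NDcPP) each appliance runs and which gateway /
AAA roles are configured on it.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

# Fixed builds from the bulletin, keyed by (release branch, variant).
# A build on the same branch/variant that sorts below the tuple is unpatched.
FIXED_BUILDS: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("13.1", "mainline"): (49, 13),
    ("13.0", "mainline"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}

# Mainline 12.1 is end-of-life and receives no fix; upgrading is the only remedy.
END_OF_LIFE = {("12.1", "mainline")}

# Configurations under which CVE-2023-3519 is reachable by an unauthenticated
# remote attacker (gateway roles or an authentication virtual server).
# Role names are this example's own labels, not NetScaler CLI keywords.
EXPOSED_ROLES = {"vpn_vserver", "ica_proxy", "cvpn", "rdp_proxy", "aaa_vserver"}

# Accepts '13.1-49.13', 'NS13.1 49.13' and (assumed format) 'NS13.1: Build 49.13.nc'.
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?::?\s*Build\s+|[\s-])(\d+)\.(\d+)")


def parse_build(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, build, sub) parsed from a version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(version_text: str, variant: str = "mainline") -> str:
    """Classify a build as 'patched', 'vulnerable', 'end-of-life' or 'unknown'.

    Comparison is done per branch/variant: the same build number can be
    patched on FIPS and unpatched on mainline.
    """
    parsed = parse_build(version_text)
    if parsed is None:
        return "unknown"
    branch, build, sub = parsed
    if (branch, variant) in END_OF_LIFE:
        return "end-of-life"
    fixed = FIXED_BUILDS.get((branch, variant))
    if fixed is None:
        return "unknown"  # branch/variant not covered by the bulletin list
    return "patched" if (build, sub) >= fixed else "vulnerable"


def rce_reachable(status: str, roles: Set[str]) -> bool:
    """CVE-2023-3519 needs both an unpatched build and an exposed role.

    End-of-life builds are treated as unpatched (conservative assumption:
    no fix exists for them).
    """
    return status in ("vulnerable", "end-of-life") and bool(roles & EXPOSED_ROLES)


def triage(inventory: List[Dict]) -> List[Tuple[str, str, bool]]:
    """Return (hostname, status, rce_exposed) for each inventory record."""
    results = []
    for host in inventory:
        status = assess(host["version"], host.get("variant", "mainline"))
        results.append((host["name"], status, rce_reachable(status, set(host.get("roles", [])))))
    return results


if __name__ == "__main__":
    # Constructed sample inventory; hostnames, versions and roles are made up.
    sample = [
        {"name": "gw-01", "version": "NS13.1: Build 48.47.nc", "roles": ["vpn_vserver"]},
        {"name": "gw-02", "version": "13.1-49.13", "roles": ["vpn_vserver"]},
        {"name": "lb-03", "version": "13.0-91.12", "roles": []},
        {"name": "fips-04", "version": "13.1-37.159", "variant": "FIPS", "roles": ["aaa_vserver"]},
        {"name": "old-05", "version": "12.1-65.25", "roles": ["ica_proxy"]},
    ]
    for name, status, exposed in triage(sample):
        print(f"{name:8s} {status:12s} RCE exposed: {exposed}")
```

The useful output is the combination: an unpatched build with no gateway or AAA role still needs the patch (the XSS and privilege-escalation bugs remain), but the hosts flagged `RCE exposed: True` are the ones to patch first and to check for signs of compromise, since the flaw was exploited before the fix shipped.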

The post Patch Released for Actively Exploited Citrix NetScaler Zero Day Vulnerability appeared first on HIPAA Journal.