Vulnerability Management, Threat Intelligence

Hundreds of NetScaler instances impacted by web shells

BleepingComputer reports that at least 640 Citrix NetScaler application delivery controller and NetScaler Gateway servers were observed by Shadowserver Foundation researchers to have been compromised with web shells through the exploitation of a critical remote code execution bug, tracked as CVE-2023-3519. However, significantly more Citrix NetScaler instances are believed to have been breached, according to Shadowserver, which urged organizations with vulnerable servers to assume compromise. "We can say it's fairly standard China Chopper but we do not want to disclose more under the circumstances. I can say the amount we detect is much lower than the amount we believe to be out there, unfortunately," said Shadowserver CEO Piotr Kijewski. Fewer than 10,000 Citrix appliances continue to be vulnerable to CVE-2023-3519, compared with nearly 15,000 instances two weeks ago, suggesting progress in flaw remediation efforts. Federal agencies have already been urged by the Cybersecurity and Infrastructure Security Agency to address the flaw by Aug. 9.
