Publication Date: 2023 July 24
Update Date: 2023 July 24
Philips is currently monitoring developments and updates related to three vulnerabilities discovered in Citrix ADC and Gateway (CVE-2023-3466, CVE-2023-3467, CVE-2023-3519). Applicable products include Citrix NetScaler ADC and NetScaler Gateway.
CVE-2023-3466 references a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2023-3467 references a Privilege Escalation to root administrator (nsroot) vulnerability.
CVE-2023-3519 references an Unauthenticated remote code execution vulnerability.
These vulnerabilities affect the following supported versions of NetScaler ADC and NetScaler Gateway:
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
- NetScaler ADC 13.1-FIPS before 13.1-37.159
- NetScaler ADC 12.1-FIPS before 12.1-55.297
- NetScaler ADC 12.1-NDcPP before 12.1-55.297
As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions for potential impacts from these reported vulnerabilities and validating actions.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips-approved product specifications. Therefore, in accordance with Philips’ policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified and validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and to reference the product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips products.
For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability, and customers are advised not to disconnect the PRS, as doing so may impact the ability of Philips’ service teams to provide any required immediate and proactive support, such as remote patching.