PRP: CVE-2023-3519 Citrix RCE

[am0o0]

Hi, I like to start implementing a Tsunami plugin for Citrix NetScaler ADC and Gateway RCE. As we can see in attackerkb the setup is easy and we can download the vulnerable version from a simple registered citrix account. I can host The ovf file for you, Also the dev/test license can be obtained easily after creating a new account to setup and test the plugin. from the mentioned blog post:

On July 21, BishopFox reported that there are about 61,000 potentially vulnerable Citrix appliances on the internet, and suggested that about 35% (21k) were vulnerable at the time.

[maoning]

Hi @amammad ,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.

Thanks!