ExtraHop named a Leader in the 2025 Forrester Wave™: Network Analysis And Visibility Solutions

Search
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Citrix NetScaler ADC and NetScaler Gateway Exploit Attempt - CVE-2023-3519

Risk Factors

Vulnerable devices are exposed to the internet and code that exploits the vulnerability is publicly available. An unauthenticated attacker can easily exploit this vulnerability to create a denial of service (DoS) scenario or gain complete control of a device by running arbitrary code with root privileges.

Category

Exploitation
Detection diagram
Next in Exploitation: Citrix NetScaler ADC and NetScaler Gateway Exploit Attempt - CVE-2023-4966

Attack Background

The Citrix products, NetScaler Application Delivery Controller (formerly Citrix ADC), and NetScaler Gateway (formerly Citrix Gateway), have an HTTPS web application that includes a DoS and remote code execution (RCE) vulnerability. An unauthenticated attacker sends a malicious HTTP request to the victim. This request includes a path that ends with /gwtest/formssso. The request also includes query parameters with two specific key-value pairs: the event key is paired with the start value and the target key is paired with a malicious payload. The payload content is tailored to the specific version and desired outcome. For example, successful DoS requires a payload that must be at least 167 characters long. Successful RCE requires a slightly longer payload and malicious code. After receiving the request, the victim runs the malicious payload with root privileges.

Mitigation Options

Install relevant updates

MITRE ATT&CK ID

Associated content

Announcing The Forrester Wave™: Network Analysis And Visibility Solutions, Q4 2025

Network analysis and visibility solutions remain underrepresented in enterprises. Find out why in this preview of a new Wave report.

Report
Learn moreArrow pointing right

ExtraHop® Named a Leader in First-Ever Gartner® Magic Quadrant™ for Network Detection and Response — ExtraHop

ExtraHop® Named a Leader in First-Ever Gartner® Magic Quadrant™ for Network Detection and Response

News
Learn moreArrow pointing right

Detections

Visit this resource for more information.

Docs
Learn moreArrow pointing right

The 2025 ExtraHop Global Threat Landscape Report: The Alarming Reality of Threat Actor Dwell Time and Deeper Network Access — ExtraHop

This analysis exposes the critical link between an organization's lack of internal visibility and the escalating cost of compromise, demanding an urgent re-evaluation of how core business assets are protected.

Blog
Learn moreArrow pointing right

ExtraHop RevealX MITRE ATT&CK Coverage 2024 — ExtraHop

Learn why you need to be wary of the claims certain network detection and response providers make about their coverage against the MITRE ATT&CK framework.

Blog
Learn moreArrow pointing right

MITRE ATT&CK - Network Detection & Response with RevealX — ExtraHop

Learn how NDR from RevealX helps security teams detect and investigate more adversary TTPs in the MITRE ATT&CK framework than rule-based tools.

External
Learn moreArrow pointing right
Periodic Table of Use Cases

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right