n the last week, Citrix have released an advisory which included a fix for a critical RCE vulnerability within Citrix ADC and NetScaler Gateway. There have been indications that the exploit for this has been sold on the internet since some time in June, however this advisory solidified the presence of a real vulnerability.

If you are just looking for a script to determine the exploitability of this issue for your Citrix machines, you can obtain our detection script here: https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-3519.

Note: our analysis so far indicates that SAML has to be enabled for exploitation, this may change as we continue to reverse engineer this vulnerability. We will update our blog post accordingly.