CVE-2023-4966

Warning

Media report

EPSS 94.34%
Published 10.10.2023 14:15:10
Last modified 13.03.2025 19:53:13
Source secure@citrix.com
Teams watchlist Login
Open Login

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Affected products Warnungen 2 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.300

Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 12.1 < 12.1-55.300

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.0 < 13.0-92.19

Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.164

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-49.15

Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-8.50

Citrix ≫ NetScaler Gateway Version >= 13.0 < 13.0-92.19

Citrix ≫ NetScaler Gateway Version >= 13.1 < 13.1-49.15

Citrix ≫ NetScaler Gateway Version >= 14.1 < 14.1-8.50

18.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Description

Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Required actions

20.10.2023: CERT.at Warnung

https://www.cert.at/de/warnungen/2023/10/kritische-sicherheitslucke-in-citrix-netscaler-adc-und-netscaler-gateway-aktiv-ausgenutzt-updates-verfugbar

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.34%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secure@citrix.com	9.4	3.9	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.heise.de/news/CitrixBleed-2-Citrix-Netscaler-Luecken-gravierender-10460208.html

Medienbericht

heise Security

https://www.heise.de/news/CitrixBleed-2-Indizien-fuer-laufende-Angriffe-auf-Sicherheitsleck-10464142.html

Medienbericht

heise Security

http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html

Third Party Advisory

VDB Entry

https://support.citrix.com/article/CTX579459

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4966

EUVD