9.4

CVE-2023-4966

Warnung
Medienbericht

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CitrixNetscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.300
CitrixNetscaler Application Delivery Controller SwEditionndcpp Version >= 12.1 < 12.1-55.300
CitrixNetscaler Application Delivery Controller SwEdition- Version >= 13.0 < 13.0-92.19
CitrixNetscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.164
CitrixNetscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-49.15
CitrixNetscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-8.50
CitrixNetScaler Gateway Version >= 13.0 < 13.0-92.19
CitrixNetScaler Gateway Version >= 13.1 < 13.1-49.15
CitrixNetScaler Gateway Version >= 14.1 < 14.1-8.50

18.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Schwachstelle

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Beschreibung

Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.34% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secure@citrix.com 9.4 3.9 5.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.