CVE-2023-4966 - Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

CVE-2023-4966: Citrix | NetScaler ADC and NetScaler Gateway

Date Added:
2023-10-18

Due Date:
2023-11-08

Vulnerability Name: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Description: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Additional Notes: https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966

Related News Articles

Embargo ransomware escalates attacks to cloud environmentsSeptember 27, 2024

Citrix warns admins to manually mitigate PuTTY SSH client bugMay 10, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard