Warning: critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway exploited in the wild
CVE-2023-4966: CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
CVE-2023-4967: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
These vulnerabilities affect Citrix NetScaler ADC and NetScaler Gateway servers when they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Typically, NetScaler ADC and NetScaler Gateway are exposed to the public on the Internet.
This vulnerability can be remotely exploited by an attacker and could lead to sensitive information disclosure. The impact on confidentiality and integrity is high. CVE-2023-4966 is being exploited in the wild on unmitigated appliances.
Update 23 November
After upgrading, it is necessary to remove any active or persistent sessions, as stated in the original advisory from Citrix.
Tenable created a FAQ: https://www.tenable.com/blog/frequently-asked-questions-for-citrixbleed-cve-2023-4966
This vulnerability can be remotely exploited by an attacker and could lead to a Denial of Service (DoS). The impact on integrity is low, and the impact on availability is high.
An attacker could exploit two vulnerabilities in Citrix NetScaler to either leak information or bring down the system.
The Centre for Cyber Security Belgium strongly recommends upgrading to the latest version as soon as possible. Make sure your systems run one of the following patched versions:
- NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP
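The following is an added example, not code from this advisory or from Citrix: it checks an appliance inventory against the patched builds listed above. The edition labels (`standard`, `FIPS`, `NDcPP`), the host names and the inventory rows are assumptions constructed for illustration; version strings use the `13.1-49.15` form from the list.

```python
import re

# Minimum patched builds, copied from the list in this advisory.
# Key: (edition label, release train) -> minimum build as an integer tuple.
PATCHED = {
    ("standard", (14, 1)): (8, 50),
    ("standard", (13, 1)): (49, 15),
    ("standard", (13, 0)): (92, 19),
    ("FIPS", (13, 1)): (37, 164),
    ("FIPS", (12, 1)): (55, 300),
    ("NDcPP", (12, 1)): (55, 300),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")

def parse_version(text):
    """Split '13.1-49.15' into release train (13, 1) and build (49, 15)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    a, b, c, d = map(int, m.groups())
    return (a, b), (c, d)

def check(edition, version):
    """Return 'patched', 'vulnerable' or 'not_listed' for one appliance."""
    train, build = parse_version(version)
    minimum = PATCHED.get((edition, train))
    if minimum is None:
        # The 14.1 entry reads "and later releases" without "of 14.1",
        # so newer standard release trains are treated as patched.
        if edition == "standard" and train > (14, 1):
            return "patched"
        return "not_listed"  # train absent from the list: review by hand
    # Integer tuples, not strings or floats: build 9.60 is older than
    # 49.15, and 37.38 is older than 37.164.
    return "patched" if build >= minimum else "vulnerable"

# Constructed sample inventory: (host, edition, version).
INVENTORY = [
    ("gw-01", "standard", "13.1-49.15"),
    ("gw-02", "standard", "13.1-9.60"),
    ("gw-03", "FIPS", "13.1-37.38"),
    ("gw-04", "standard", "12.1-65.25"),
]

def audit(inventory):
    return {host: check(edition, ver) for host, edition, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A `patched` result only covers the software version; per the 23 November update, active and persistent sessions still have to be removed after the upgrade.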