www.belgium.be Logo of the federal government

Warning: critical vulnerability in Citrix Netscaler ADC and Netscaler Gateway exploited in the wild

Advisory #2023-123
Affected software: 
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
NetScaler ADC 13.1-FIPS before 13.1-37.164
NetScaler ADC 12.1-FIPS before 12.1-55.300
NetScaler ADC 12.1-NDcPP before 12.1-55.300

CVE-2023-4966: CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
CVE-2023-4967: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)




These vulnerabilities affect Citrix NetScaler ADC and NetScaler Gateway servers, when they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Typically the NetScaler ADC and NetScaler Gateway is exposed to the public on the Internet.


This vulnerability can be remotely exploited by an attacker and could lead to sensitive information disclosure. The impact on the confidentiality and integrity is high.CVE-2023-4966 is being exploited in the wild on unmitigated appliances.

Update 23 November

After upgrading its is necessary to remove any active or persisten sessions as stated in the original advisory from CITRIX.
Tenable created a FAQ: https://www.tenable.com/blog/frequently-asked-questions-for-citrixbleed-cve-2023-4966

This vulnerability can be remotely exploited by an attacker and could lead to a Denial of Service (DoS). The impact on integrity Is low, and the impact on availability Is high.


An attacker could exploit 2 vulnerabilities in Citrix Netscaler, to either leak information or bring down the system.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends to upgrade to the latest version as soon as possible. Make sure your systems run one of the following patched versions:

  • NetScaler ADC and NetScaler Gateway 14.1-8.50  and later releases
  • NetScaler ADC and NetScaler Gateway  13.1-49.15  and later releases of 13.1
  • NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
  • NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
  • NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
  • NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP