Bronnen

https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967

Risico’s

These vulnerabilities affect Citrix NetScaler ADC and NetScaler Gateway servers, when they are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Typically the NetScaler ADC and NetScaler Gateway is exposed to the public on the Internet.

CVE-2023-4966

This vulnerability can be remotely exploited by an attacker and could lead to sensitive information disclosure. The impact on the confidentiality and integrity is high.CVE-2023-4966 is being exploited in the wild on unmitigated appliances. 

Update 23 November

After upgrading its is necessary to remove any active or persisten sessions as stated in the original advisory from CITRIX.
Tenable created a FAQ: https://www.tenable.com/blog/frequently-asked-questions-for-citrixbleed-cve-2023-4966

NEW : CVE-2023-4966 is being exploited in the wild on unmitigated appliances. 

CVE-2023-4967
This vulnerability can be remotely exploited by an attacker and could lead to a Denial of Service (DoS). The impact on integrity Is low, and the impact on availability Is high.

Aanbevolen acties

The Centre for Cyber Security Belgium strongly recommends to upgrade to the latest version as soon as possible. Make sure your systems run one of the following patched versions:

• NetScaler ADC and NetScaler Gateway 14.1-8.50  and later releases
• NetScaler ADC and NetScaler Gateway  13.1-49.15  and later releases of 13.1
• NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 
• NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS 
• NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS 
• NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Referenties

• https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
• https://nvd.nist.gov/vuln/detail/CVE-2023-4966