CVE-2023-4966
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Oct 18, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Citrix / NetScaler ADC and NetScaler Gateway
Vulnerability
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Added to KEV
Oct 18, 2023
Remediate by
Nov 8, 2023
Known ransomware use
Yes
Summary description
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Required action
Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
Notes
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966