CVE-2023-4966
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
18 oct 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Citrix / NetScaler ADC and NetScaler Gateway
Vulnerabilidad
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Añadido a KEV
18 oct 2023
Remediar antes de
8 nov 2023
Uso conocido en ransomware
Sí
Descripción resumida
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Acción requerida
Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
Notas
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966