Actively exploited vulnerability

CVE-2023-4966: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CISA KEV source 18 Oct 2023 added 8 Nov 2023 remediation due

Affected product

Citrix · NetScaler ADC and NetScaler Gateway

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2023-4966.

The Register1 Nov 2023

'Mass exploitation' of Citrix Bleed underway as ransomware crews pile in

At least two extortion gangs abusing CVE-2023-4966, we're told Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams.…

Bleeping Computer26 Oct 2023

Citrix Bleed exploit lets hackers hijack NetScaler accounts

A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. [...]