cvelistv5 - CVE-2023-4966

CVE-2023-4966 (GCVE-0-2023-4966)

Vulnerability from cvelistv5

Published

2023-10-10 13:12

Modified

2025-10-21 23:05

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Summary

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

References

URL

Tags

secure@citrix.com	http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html	Third Party Advisory, VDB Entry
secure@citrix.com	https://support.citrix.com/article/CTX579459	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX579459	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966	US Government Resource

Impacted products

Vendor

Product

Version

Citrix

NetScaler ADC

Version: 14.1
Version: 13.1
Version: 13.0
Version: 13.1-FIPS
Version: 12.1-FIPS
Version: 12.1-NDcPP

Citrix

NetScaler Gateway

Version: 14.1
Version: 13.1
Version: 13.0

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-10-18

Due date: 2023-11-08

Required action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX579459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4966",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-22T05:00:08.466868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:35.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-18T00:00:00+00:00",
            "value": "CVE-2023-4966 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler ADC",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            },
            {
              "lessThan": "37.164",
              "status": "affected",
              "version": "13.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-FIPS",
              "versionType": "patch"
            },
            {
              "lessThan": "55.300",
              "status": "affected",
              "version": "12.1-NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NetScaler Gateway",
          "vendor": "Citrix",
          "versions": [
            {
              "lessThan": "8.50",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "49.15",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "92.19",
              "status": "affected",
              "version": "13.0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2023-10-10T12:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u003cp\u003e\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSensitive information disclosure\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ein NetScaler ADC and NetScaler Gateway when configured as a\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eGateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eor\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eAAA \u202fvirtual\u202fserver.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e"
            }
          ],
          "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-25T15:06:16.721Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/article/CTX579459"
        },
        {
          "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated sensitive information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2023-4966",
    "datePublished": "2023-10-10T13:12:17.644Z",
    "dateReserved": "2023-09-14T15:51:21.569Z",
    "dateUpdated": "2025-10-21T23:05:35.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-4966",
      "cwes": "[\"CWE-119\"]",
      "dateAdded": "2023-10-18",
      "dueDate": "2023-11-08",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-4966",
      "product": "NetScaler ADC and NetScaler Gateway",
      "requiredAction": "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.",
      "vendorProject": "Citrix",
      "vulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4966\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2023-10-10T14:15:10.977\",\"lastModified\":\"2025-10-24T13:42:55.550\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\"},{\"lang\":\"es\",\"value\":\"Divulgaci\u00f3n de informaci\u00f3n confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \\\"virtual\\\" AAA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-10-18\",\"cisaActionDue\":\"2023-11-08\",\"cisaRequiredAction\":\"Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability\",\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.300\",\"matchCriteriaId\":\"492BEB4B-7A4B-47C2-93D1-2B0683AA3A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.300\",\"matchCriteriaId\":\"81EF12C2-4197-4C0D-BE11-556F05DAD646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-92.19\",\"matchCriteriaId\":\"9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-37.164\",\"matchCriteriaId\":\"109301A8-9ADD-4A49-9C45-D21A4DA840E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-49.15\",\"matchCriteriaId\":\"5C1739C5-48C1-46BC-A524-B4CC4C5B6436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-8.50\",\"matchCriteriaId\":\"9148C36D-98B4-4166-8B9A-449EA86BA4B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.0-92.19\",\"matchCriteriaId\":\"5FB1412D-F8D8-4592-A8A9-C1B841B93D5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-49.15\",\"matchCriteriaId\":\"28A08B32-D145-499F-866E-BEEEDEBB2901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-8.50\",\"matchCriteriaId\":\"4F1610E6-FE48-4339-8E74-765E0517E33D\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html\",\"source\":\"secure@citrix.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.citrix.com/article/CTX579459\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.citrix.com/article/CTX579459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX579459\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:44:53.522Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4966\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-22T05:00:08.466868Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-10-18\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-18T00:00:00+00:00\", \"value\": \"CVE-2023-4966 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T16:29:12.250Z\"}}], \"cna\": {\"title\": \"Unauthenticated sensitive information disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Citrix\", \"product\": \"NetScaler ADC\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"8.50\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"49.15\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"92.19\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1-FIPS\", \"lessThan\": \"37.164\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"12.1-FIPS\", \"lessThan\": \"55.300\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"12.1-NDcPP\", \"lessThan\": \"55.300\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Citrix\", \"product\": \"NetScaler Gateway\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"8.50\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"49.15\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"92.19\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-10-10T12:33:00.000Z\", \"references\": [{\"url\": \"https://support.citrix.com/article/CTX579459\"}, {\"url\": \"http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sensitive information disclosure\\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\\u00a0or\\u00a0AAA \\u202fvirtual\\u202fserver.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cb\u003e\u003cp\u003e\u003cb\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eSensitive information disclosure\u0026nbsp;\u003c/span\u003e\u003c/b\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003ein NetScaler ADC and NetScaler Gateway when configured as a\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eGateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eor\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003eAAA \\u202fvirtual\\u202fserver.\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2023-10-25T15:06:16.721Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4966\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:35.045Z\", \"dateReserved\": \"2023-09-14T15:51:21.569Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2023-10-10T13:12:17.644Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-ALE-012

Vulnerability from certfr_alerte

[Mise à jour du 22 novembre 2023]

L'éditeur a publié un document [3] le 20 novembre 2023 listant les différents journaux à analyser ainsi que les éléments à rechercher pour identifier une activité pouvant être liée à une compromission.

Par ailleurs, la CISA a publié un avis de sécurité le 21 novembre 2023 [4] indiquant que, comme anticipé le 24 octobre, des campagnes d'exploitation massives sont en cours notamment pour le déploiement de rançongiciels.

Le CERT-FR rappelle que tout équipement qui n'aurait pas été mis à jour doit être considéré comme compromis. Il est impératif de réaliser des investigations sans délai [5] en s'appuyant sur l'ensemble des recommandations fournies dans les différentes publications [2][3][4].

[Mise à jour du 24 octobre 2023] Des chercheurs ont publiés des détails techniques sur la vulnérabilité ce jour. Le CERT-FR anticipe l'apparition de codes d'exploitation publics suivie d'une augmentation des tentatives d'exploitation de cette vulnérabilité.

[Publication initiale]

Le 10 octobre 2023, Citrix a publié un avis de sécurité [1] concernant la vulnérabilité CVE-2023-4966 affectant NetScaler ADC et NetScaler Gateway. L'éditeur lui a donné un score de 9,4 et indiqué qu'elle permet une atteinte à la confidentialité des données.

Le 17 octobre 2023, Citrix a mis son avis à jour pour déclarer avoir connaissance d'exploitations actives de la vulnérabilité CVE-2023-4966.

Le même jour, Mandiant a publié un billet de blogue [2] dans lequel l'entreprise déclare avoir connaissance d'exploitations actives de cette vulnérabilité depuis fin août 2023. Mandiant précise que l’exploitation de cette vulnérabilité permet à l'attaquant de prendre le contrôle de sessions actives avec le niveau de privilèges des utilisateurs concernés. Cela permet de contourner l'authentification à multiples facteurs et le seul fait d'appliquer la mise à jour ne bloque pas l'accès à l'attaquant.

Sur la base des informations fournies par Mandiant dans son rapport (cf. le rapport détaillé référencé dans son billet [2]), le CERT-FR recommande de réaliser les actions suivantes :

appliquer la mise à jour sans délai ;
couper toutes les sessions existantes sans délai ;
renouveler les mots de passe des comptes déclarés sur les passerelles vulnérables ;
mener des investigations pour identifier les actions prises par un potentiel attaquant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

NetScaler ADC et NetScaler Gateway versions 14.1.x antérieures à 14.1-8.50
NetScaler ADC et NetScaler Gateway versions 13.1.x antérieures à  13.1-49.15
NetScaler ADC et NetScaler Gateway versions 13.0.x antérieures à 13.0-92.19
NetScaler ADC 13.1-FIPS versions antérieures à 13.1-37.164
NetScaler ADC 12.1-FIPS versions antérieures à 12.1-55.300
NetScaler ADC 12.1-NDcPP versions antérieures à 12.1-55.300

Citrix indique que NetScaler ADC et NetScaler Gateway versions 12.1 sont obsolètes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

[1] Bulletin de sécurité Citrix CTX579459 du 10 octobre 2023	None	vendor-advisory
[4] Avis de sécurité de la CISA du 21 novembre 2023	-	other
[5] Les bons réflexes en cas d'intrusion sur un système d'information	-	other
[2] Billet de blogue Mandiant du 17 octobre 2023	-	other
Avis CERT-FR CERTFR-2023-AVI-0823 du 11 octobre 2023	-	other
[3] Billet de blogue NetScaler du 20 novembre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eNetScaler ADC et NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-8.50\u003c/li\u003e \u003cli\u003eNetScaler ADC et NetScaler Gateway versions 13.1.x ant\u00e9rieures \u00e0 \u202f13.1-49.15\u003c/li\u003e \u003cli\u003eNetScaler ADC\u00a0et NetScaler Gateway versions 13.0.x ant\u00e9rieures \u00e0 13.0-92.19\u003c/li\u003e \u003cli\u003eNetScaler ADC 13.1-FIPS versions ant\u00e9rieures \u00e0 13.1-37.164\u003c/li\u003e \u003cli\u003eNetScaler ADC 12.1-FIPS versions ant\u00e9rieures \u00e0 12.1-55.300\u003c/li\u003e \u003cli\u003eNetScaler ADC 12.1-NDcPP versions ant\u00e9rieures \u00e0 12.1-55.300\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eCitrix indique que NetScaler ADC et NetScaler Gateway versions 12.1 sont obsol\u00e8tes.\u003c/p\u003e ",
  "closed_at": "2024-02-16",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-4966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4966"
    }
  ],
  "initial_release_date": "2023-10-23T00:00:00",
  "last_revision_date": "2024-02-16T00:00:00",
  "links": [
    {
      "title": "[4] Avis de s\u00e9curit\u00e9 de la CISA du 21 novembre 2023",
      "url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
    },
    {
      "title": "[5] Les bons r\u00e9flexes en cas d\u0027intrusion sur un syst\u00e8me d\u0027information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "[2] Billet de blogue Mandiant du 17 octobre 2023",
      "url": "https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966"
    },
    {
      "title": "Avis CERT-FR CERTFR-2023-AVI-0823 du 11 octobre 2023",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0823/"
    },
    {
      "title": "[3] Billet de blogue NetScaler du 20 novembre 2023",
      "url": "https://www.netscaler.com/blog/news/netscaler-investigation-recommendations-for-cve-2023-4966/"
    }
  ],
  "reference": "CERTFR-2023-ALE-012",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-23T00:00:00.000000"
    },
    {
      "description": "Publication de d\u00e9tails techniques",
      "revision_date": "2023-10-24T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour : publications de l\u0027\u00e9diteur et de la CISA",
      "revision_date": "2023-11-22T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2024-02-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 22 novembre\n2023\\]\u003c/strong\u003e\u003c/span\u003e\n\nL\u0027\u00e9diteur a publi\u00e9 un document \\[3\\] le 20 novembre 2023 listant les\ndiff\u00e9rents journaux \u00e0 analyser ainsi que les \u00e9l\u00e9ments \u00e0 rechercher pour\nidentifier une activit\u00e9 pouvant \u00eatre li\u00e9e \u00e0 une compromission.\n\nPar ailleurs, la CISA a publi\u00e9 un avis de s\u00e9curit\u00e9 le 21 novembre 2023\n\\[4\\] indiquant que, comme anticip\u00e9 le 24 octobre, des \u003cspan\nstyle=\"text-decoration: underline;\"\u003ecampagnes d\u0027exploitation\u003c/span\u003e\nmassives sont en cours notamment pour le \u003cspan\nstyle=\"text-decoration: underline;\"\u003ed\u00e9ploiement de ran\u00e7ongiciels\u003c/span\u003e.\n\n\u003cspan style=\"color: #ff0000;\"\u003e\u003cstrong\u003eLe CERT-FR rappelle que tout \u00e9quipement\nqui n\u0027aurait pas \u00e9t\u00e9 mis \u00e0 jour doit \u00eatre consid\u00e9r\u00e9 comme compromis. Il\nest imp\u00e9ratif de r\u00e9aliser des investigations sans d\u00e9lai \\[5\\] en\ns\u0027appuyant sur l\u0027ensemble des recommandations fournies dans les\ndiff\u00e9rentes publications \\[2\\]\\[3\\]\\[4\\].\u003c/strong\u003e\u003c/span\u003e\n\n\u00a0\n\n\u003cspan style=\"color: #000000;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 24 octobre 2023\\]\u003c/strong\u003e\n\u003c/span\u003eDes chercheurs ont publi\u00e9s des d\u00e9tails techniques sur la\nvuln\u00e9rabilit\u00e9 ce jour. \u003cspan style=\"text-decoration: underline;\"\u003eLe\nCERT-FR anticipe l\u0027apparition de codes d\u0027exploitation publics suivie\nd\u0027une augmentation des tentatives d\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9\u003c/span\u003e.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 10 octobre 2023, Citrix a publi\u00e9 un avis de s\u00e9curit\u00e9 \\[1\\] concernant\nla vuln\u00e9rabilit\u00e9 CVE-2023-4966 affectant NetScaler ADC et NetScaler\nGateway. L\u0027\u00e9diteur lui a donn\u00e9 un score de 9,4 et indiqu\u00e9 qu\u0027elle permet\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nLe 17 octobre 2023, Citrix a mis son avis \u00e0 jour pour d\u00e9clarer avoir\nconnaissance d\u0027exploitations actives de la vuln\u00e9rabilit\u00e9 CVE-2023-4966.\n\nLe m\u00eame jour, Mandiant a publi\u00e9 un billet de blogue \\[2\\] dans lequel\nl\u0027entreprise d\u00e9clare avoir connaissance d\u0027exploitations actives de cette\nvuln\u00e9rabilit\u00e9 depuis fin ao\u00fbt 2023.\u00a0 Mandiant pr\u00e9cise que l\u2019exploitation\nde cette vuln\u00e9rabilit\u00e9 permet \u00e0 l\u0027attaquant de prendre le contr\u00f4le de\nsessions actives avec le niveau de privil\u00e8ges des utilisateurs\nconcern\u00e9s. Cela permet de contourner l\u0027authentification \u00e0 multiples\nfacteurs et le seul fait d\u0027appliquer la mise \u00e0 jour ne bloque pas\nl\u0027acc\u00e8s \u00e0 l\u0027attaquant.\n\nSur la base des informations fournies par Mandiant dans son rapport (cf.\nle rapport d\u00e9taill\u00e9 r\u00e9f\u00e9renc\u00e9 dans son billet \\[2\\]), le CERT-FR\nrecommande de r\u00e9aliser les actions suivantes :\n\n-   appliquer la mise \u00e0 jour \u003cspan\n    style=\"text-decoration: underline;\"\u003esans d\u00e9lai\u003c/span\u003e ;\n-   couper toutes les sessions existantes \u003cspan\n    style=\"text-decoration: underline;\"\u003esans d\u00e9lai\u003c/span\u003e ;\n-   renouveler les mots de passe des comptes d\u00e9clar\u00e9s sur les\n    passerelles vuln\u00e9rables ;\n-   mener des investigations pour identifier les actions prises par un\n    potentiel attaquant.\n\n\u00a0\n",
  "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Citrix NetScaler ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "[1] Bulletin de s\u00e9curit\u00e9 Citrix CTX579459 du 10 octobre 2023",
      "url": "https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967"
    }
  ]
}

gsd-2023-4966

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Aliases

CVE-2023-4966

Aliases

CVE-2023-4966

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-4966",
    "id": "GSD-2023-4966"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-4966"
      ],
      "details": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\u00a0\n\n\n\n",
      "id": "GSD-2023-4966",
      "modified": "2023-12-13T01:20:26.807437Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@citrix.com",
        "ID": "CVE-2023-4966",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NetScaler ADC\u202f",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.1",
                          "version_value": "8.50"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1",
                          "version_value": "49.15"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0",
                          "version_value": "92.19"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1-FIPS",
                          "version_value": "37.164"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1-FIPS",
                          "version_value": "55.300"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "12.1-NDcPP",
                          "version_value": "55.300"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "NetScaler Gateway",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.1",
                          "version_value": "8.50"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.1",
                          "version_value": "49.15"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0",
                          "version_value": "92.19"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Citrix"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\u00a0\n\n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-119",
                "lang": "eng",
                "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.citrix.com/article/CTX579459",
            "refsource": "MISC",
            "url": "https://support.citrix.com/article/CTX579459"
          },
          {
            "name": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2023-11-08",
        "cisaExploitAdd": "2023-10-18",
        "cisaRequiredAction": "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.",
        "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                    "matchCriteriaId": "492BEB4B-7A4B-47C2-93D1-2B0683AA3A20",
                    "versionEndExcluding": "12.1-55.300",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
                    "matchCriteriaId": "81EF12C2-4197-4C0D-BE11-556F05DAD646",
                    "versionEndExcluding": "12.1-55.300",
                    "versionStartIncluding": "12.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8",
                    "versionEndExcluding": "13.0-92.19",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
                    "matchCriteriaId": "109301A8-9ADD-4A49-9C45-D21A4DA840E9",
                    "versionEndExcluding": "13.1-37.164",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "5C1739C5-48C1-46BC-A524-B4CC4C5B6436",
                    "versionEndExcluding": "13.1-49.15",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
                    "matchCriteriaId": "9148C36D-98B4-4166-8B9A-449EA86BA4B1",
                    "versionEndExcluding": "14.1-8.50",
                    "versionStartIncluding": "14.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E",
                    "versionEndExcluding": "13.0-92.19",
                    "versionStartIncluding": "13.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "28A08B32-D145-499F-866E-BEEEDEBB2901",
                    "versionEndExcluding": "13.1-49.15",
                    "versionStartIncluding": "13.1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4F1610E6-FE48-4339-8E74-765E0517E33D",
                    "versionEndExcluding": "14.1-8.50",
                    "versionStartIncluding": "14.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\u00a0\n\n\n\n"
          },
          {
            "lang": "es",
            "value": "Divulgaci\u00f3n de informaci\u00f3n confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \"virtual\" AAA."
          }
        ],
        "id": "CVE-2023-4966",
        "lastModified": "2024-02-29T01:41:58.480",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.5,
              "source": "secure@citrix.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-10-10T14:15:10.977",
        "references": [
          {
            "source": "secure@citrix.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
          },
          {
            "source": "secure@citrix.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.citrix.com/article/CTX579459"
          }
        ],
        "sourceIdentifier": "secure@citrix.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-119"
              }
            ],
            "source": "secure@citrix.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

WID-SEC-W-2023-2605

Vulnerability from csaf_certbund

Published

2023-10-10 22:00

Modified

2023-11-09 23:00

Summary

Citrix Systems ADC: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Citrix Application Delivery Controller (ADC) ist eine Lösung zur Anwendungsbereitstellung und Lastverteilung. Citrix Gateway ist eine vom Kunden verwaltete Lösung, die vor Ort oder in jeder öffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann. Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On für alle virtuellen, SaaS- und Web-Anwendungen.

Angriff

Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Application Delivery Controller (ADC) ist eine L\u00f6sung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix Gateway ist eine vom Kunden verwaltete L\u00f6sung, die vor Ort oder in jeder \u00f6ffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann.  Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On f\u00fcr alle virtuellen, SaaS- und Web-Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2605 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2605.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2605 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2605"
      },
      {
        "category": "external",
        "summary": "Mandiant Blog vom 2023-10-17",
        "url": "https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966"
      },
      {
        "category": "external",
        "summary": "Citrix Security Bulletin CTX579459 vom 2023-10-10",
        "url": "https://support.citrix.com/article/CTX579459"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix Systems ADC: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-09T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:59:38.823+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2605",
      "initial_release_date": "2023-10-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Aktive Ausnutzung gemeldet"
        },
        {
          "date": "2023-11-09T23:00:00.000+00:00",
          "number": "3",
          "summary": "Schwachstellenbezeichnung \"CitrixBleed\" f\u00fcr CVE-2023-4966 aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 14.1-8.50",
                "product": {
                  "name": "Citrix Systems ADC \u003c 14.1-8.50",
                  "product_id": "T030404",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:14.1-8.50"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.0-92.19",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.0-92.19",
                  "product_id": "T030409",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.0-92.19"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-49.15",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-49.15",
                  "product_id": "T030410",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-49.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-FIPS 13.1-37.164",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-FIPS 13.1-37.164",
                  "product_id": "T030411",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-fips_13.1-37.164"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-FIPS 12.1-55.300",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-FIPS 12.1-55.300",
                  "product_id": "T030412",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-fips_12.1-55.300"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-NDcPP 12.1-55.300",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-NDcPP 12.1-55.300",
                  "product_id": "T030413",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-ndcpp_12.1-55.300"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ADC"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 14.1-8.50",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 14.1-8.50",
                  "product_id": "T030414",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:14.1-8.50"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.1-49.15",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.1-49.15",
                  "product_id": "T030415",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.1-49.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.19",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.19",
                  "product_id": "T030416",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.0-92.19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Citrix Gateway"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4967",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Dieser Fehler besteht aufgrund einer unzul\u00e4ssigen Einschr\u00e4nkung von Operationen innerhalb der Grenzen eines Speicherpuffers. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-4967"
    },
    {
      "cve": "CVE-2023-4966",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Dieser Fehler besteht aufgrund einer unzul\u00e4ssigen Einschr\u00e4nkung von Operationen innerhalb der Grenzen eines Speicherpuffers. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-4966"
    }
  ]
}

wid-sec-w-2023-2605

Vulnerability from csaf_certbund

Published

2023-10-10 22:00

Modified

2023-11-09 23:00

Summary

Citrix Systems ADC: Mehrere Schwachstellen

Notes

Produktbeschreibung

Angriff

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Application Delivery Controller (ADC) ist eine L\u00f6sung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix Gateway ist eine vom Kunden verwaltete L\u00f6sung, die vor Ort oder in jeder \u00f6ffentlichen Cloud, wie z.B. AWS, Azure oder Google Cloud Platform, eingesetzt werden kann.  Citrix Gateway bietet Anwendern sicheren Zugriff und Single Sign-On f\u00fcr alle virtuellen, SaaS- und Web-Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems Citrix Gateway ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2605 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2605.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2605 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2605"
      },
      {
        "category": "external",
        "summary": "Mandiant Blog vom 2023-10-17",
        "url": "https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966"
      },
      {
        "category": "external",
        "summary": "Citrix Security Bulletin CTX579459 vom 2023-10-10",
        "url": "https://support.citrix.com/article/CTX579459"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix Systems ADC: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-09T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:59:38.823+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2605",
      "initial_release_date": "2023-10-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Aktive Ausnutzung gemeldet"
        },
        {
          "date": "2023-11-09T23:00:00.000+00:00",
          "number": "3",
          "summary": "Schwachstellenbezeichnung \"CitrixBleed\" f\u00fcr CVE-2023-4966 aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 14.1-8.50",
                "product": {
                  "name": "Citrix Systems ADC \u003c 14.1-8.50",
                  "product_id": "T030404",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:14.1-8.50"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.0-92.19",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.0-92.19",
                  "product_id": "T030409",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.0-92.19"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-49.15",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-49.15",
                  "product_id": "T030410",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-49.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 13.1-FIPS 13.1-37.164",
                "product": {
                  "name": "Citrix Systems ADC \u003c 13.1-FIPS 13.1-37.164",
                  "product_id": "T030411",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-fips_13.1-37.164"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-FIPS 12.1-55.300",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-FIPS 12.1-55.300",
                  "product_id": "T030412",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-fips_12.1-55.300"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems ADC \u003c 12.1-NDcPP 12.1-55.300",
                "product": {
                  "name": "Citrix Systems ADC \u003c 12.1-NDcPP 12.1-55.300",
                  "product_id": "T030413",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-ndcpp_12.1-55.300"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ADC"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 14.1-8.50",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 14.1-8.50",
                  "product_id": "T030414",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:14.1-8.50"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.1-49.15",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.1-49.15",
                  "product_id": "T030415",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.1-49.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.19",
                "product": {
                  "name": "Citrix Systems Citrix Gateway \u003c 13.0-92.19",
                  "product_id": "T030416",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:citrix:gateway:13.0-92.19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Citrix Gateway"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4967",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Dieser Fehler besteht aufgrund einer unzul\u00e4ssigen Einschr\u00e4nkung von Operationen innerhalb der Grenzen eines Speicherpuffers. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-4967"
    },
    {
      "cve": "CVE-2023-4966",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Citrix Systems ADC und Citrix Systems Citrix Gateway. Dieser Fehler besteht aufgrund einer unzul\u00e4ssigen Einschr\u00e4nkung von Operationen innerhalb der Grenzen eines Speicherpuffers. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-10-10T22:00:00.000+00:00",
      "title": "CVE-2023-4966"
    }
  ]
}

ghsa-2g42-2pwg-93cj

Vulnerability from github

Published

2023-10-10 15:30

Modified

2023-10-25 18:32

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Details

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-4966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T14:15:10Z",
    "severity": null
  },
  "details": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA ?virtual?server.\u00a0\n\n\n\n",
  "id": "GHSA-2g42-2pwg-93cj",
  "modified": "2023-10-25T18:32:18Z",
  "published": "2023-10-10T15:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4966"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX579459"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2023-4966

Vulnerability from fkie_nvd

Published

2023-10-10 14:15

Modified

2025-10-24 13:42

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

References

URL	Tags
secure@citrix.com	http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html	Third Party Advisory, VDB Entry
secure@citrix.com	https://support.citrix.com/article/CTX579459	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX579459	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966	US Government Resource

Impacted products

Vendor	Product	Version
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_gateway	*
citrix	netscaler_gateway	*
citrix	netscaler_gateway	*

JSON

To clipboard

{
  "cisaActionDue": "2023-11-08",
  "cisaExploitAdd": "2023-10-18",
  "cisaRequiredAction": "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "492BEB4B-7A4B-47C2-93D1-2B0683AA3A20",
              "versionEndExcluding": "12.1-55.300",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
              "matchCriteriaId": "81EF12C2-4197-4C0D-BE11-556F05DAD646",
              "versionEndExcluding": "12.1-55.300",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8",
              "versionEndExcluding": "13.0-92.19",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "109301A8-9ADD-4A49-9C45-D21A4DA840E9",
              "versionEndExcluding": "13.1-37.164",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5C1739C5-48C1-46BC-A524-B4CC4C5B6436",
              "versionEndExcluding": "13.1-49.15",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "9148C36D-98B4-4166-8B9A-449EA86BA4B1",
              "versionEndExcluding": "14.1-8.50",
              "versionStartIncluding": "14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E",
              "versionEndExcluding": "13.0-92.19",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A08B32-D145-499F-866E-BEEEDEBB2901",
              "versionEndExcluding": "13.1-49.15",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1610E6-FE48-4339-8E74-765E0517E33D",
              "versionEndExcluding": "14.1-8.50",
              "versionStartIncluding": "14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver."
    },
    {
      "lang": "es",
      "value": "Divulgaci\u00f3n de informaci\u00f3n confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \"virtual\" AAA."
    }
  ],
  "id": "CVE-2023-4966",
  "lastModified": "2025-10-24T13:42:55.550",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.5,
        "source": "secure@citrix.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-10T14:15:10.977",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
    },
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX579459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX579459"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4966"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2023-AVI-0823

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

NetScaler ADC et NetScaler Gateway versions 14.1.x antérieures à 14.1-8.50
NetScaler ADC et NetScaler Gateway versions 13.1.x antérieures à  13.1-49.15
NetScaler ADC et NetScaler Gateway versions 13.0.x antérieures à 13.0-92.19
NetScaler ADC 13.1-FIPS versions antérieures à 13.1-37.164
NetScaler ADC 12.1-FIPS versions antérieures à 12.1-55.300
NetScaler ADC 12.1-NDcPP versions antérieures à 12.1-55.300
Citrix Hypervisor 8.2 CU1 LTSR sans les correctifs de sécurité XS82ECU1047, XS82ECU1049, XS82ECU1051, XS82ECU1052 et XS82ECU1054 si les conditions d'exploitation sont réunies (se référer à l'avis de l'éditeur, cf. section Documentation)

Citrix indique que NetScaler ADC et NetScaler Gateway versions 12.1 sont obsolètes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX575089 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité Citrix CTX579459 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eNetScaler ADC et NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-8.50\u003c/li\u003e \u003cli\u003eNetScaler ADC et NetScaler Gateway versions 13.1.x ant\u00e9rieures \u00e0 \u202f13.1-49.15\u003c/li\u003e \u003cli\u003eNetScaler ADC\u00a0et NetScaler Gateway versions 13.0.x ant\u00e9rieures \u00e0 13.0-92.19\u003c/li\u003e \u003cli\u003eNetScaler ADC 13.1-FIPS versions ant\u00e9rieures \u00e0 13.1-37.164\u003c/li\u003e \u003cli\u003eNetScaler ADC 12.1-FIPS versions ant\u00e9rieures \u00e0 12.1-55.300\u003c/li\u003e \u003cli\u003eNetScaler ADC 12.1-NDcPP versions ant\u00e9rieures \u00e0 12.1-55.300\u003c/li\u003e \u003cli\u003eCitrix Hypervisor 8.2 CU1 LTSR sans les correctifs de s\u00e9curit\u00e9 XS82ECU1047, XS82ECU1049, XS82ECU1051, XS82ECU1052 et XS82ECU1054 si les conditions d\u0027exploitation sont r\u00e9unies (se r\u00e9f\u00e9rer \u00e0 l\u0027avis de l\u0027\u00e9diteur, cf. section Documentation)\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eCitrix indique que NetScaler ADC et NetScaler Gateway versions 12.1 sont obsol\u00e8tes.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-4967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4967"
    },
    {
      "name": "CVE-2023-34327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34327"
    },
    {
      "name": "CVE-2023-34326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34326"
    },
    {
      "name": "CVE-2023-20588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20588"
    },
    {
      "name": "CVE-2023-34324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34324"
    },
    {
      "name": "CVE-2023-4966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4966"
    },
    {
      "name": "CVE-2022-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0823",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX575089 du 10 octobre 2023",
      "url": "https://support.citrix.com/article/CTX575089/citrix-hypervisor-multiple-security-updates"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX579459 du 10 octobre 2023",
      "url": "https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-4966 (GCVE-0-2023-4966)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2023-ALE-012

Vulnerability from certfr_alerte

Solution

gsd-2023-4966

Vulnerability from gsd

WID-SEC-W-2023-2605

Vulnerability from csaf_certbund

wid-sec-w-2023-2605

Vulnerability from csaf_certbund

ghsa-2g42-2pwg-93cj

Vulnerability from github

fkie_cve-2023-4966

Vulnerability from fkie_nvd

CERTFR-2023-AVI-0823

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature