Today, Citrix released a security bulletin highlighting two vulnerabilities in the NetScaler ADC and NetScaler Gateway platforms.
The first, CVE-2023-4966, carries a critical CVSS rating of 9.4, and is an “unauthenticated buffer-related vulnerability” that can lead to “sensitive information disclosure”. So far, Citrix has not disclosed what sensitive information can be disclosed from successful exploitation.
The second vulnerability, CVE-2023-4967, carries a high-severity CVSS rating of 8.2, and is a denial of service (DoS) vulnerability. It should be noted that the device must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or a AAA virtual server in order to be vulnerable.
Affected Products
The bulletin applies to customer-managed NetScaler ADC and NetScaler Gateway products:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
- NetScaler ADC 13.1-FIPS before 13.1-37.164
- NetScaler ADC 12.1-FIPS before 12.1-55.300
- NetScaler ADC 12.1-NDcPP before 12.1-55.300
Note: NetScaler ADC and NetScaler Gateway version 12.1 are now End-of-Life (EOL) and are vulnerable.
Remediation
Customers must install the relevant updated version in order to be protected. No mitigations or workarounds are known at this time.
- NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
- NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
- NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
- NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
- NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL).
Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.
Additional Resources
NOTICE
As this is actively being investigated and new information is continuously coming out, this information is subject to change. Please reach out to our team for corrections and see if PacketWatch can help detect and respond to any potential incidents.
DISCLAIMER
Kindly be advised that the information contained in this article is presented with no final evaluation and should be considered raw data. The sole purpose of this information is to provide situational awareness based on the currently available knowledge. We recommend exercising caution and conducting further research as necessary before making any decisions based on this information.
PacketWatch Team Sixty43
