New Critical Vulnerability in Citrix NetScaler Exposes 'Sensitive Information' | CVE-2023-4966, CVE-2023-4967

Today, Citrix released a security bulletin highlighting two vulnerabilities in the NetScaler ADC and NetScaler Gateway platforms.

The first, CVE-2023-4966, carries a critical CVSS rating of 9.4, and is an “unauthenticated buffer-related vulnerability” that can lead to “sensitive information disclosure”. So far, Citrix has not disclosed what sensitive information can be disclosed from successful exploitation.

The second vulnerability, CVE-2023-4967, carries a high-severity CVSS rating of 8.2, and is a denial of service (DoS) vulnerability. It should be noted that the device must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or a AAA virtual server in order to be vulnerable.

Affected Products

The bulletin applies to customer-managed NetScaler ADC and NetScaler Gateway products:

• NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
• NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
• NetScaler ADC 13.1-FIPS before 13.1-37.164
• NetScaler ADC 12.1-FIPS before 12.1-55.300
• NetScaler ADC 12.1-NDcPP before 12.1-55.300

Note: NetScaler ADC and NetScaler Gateway version 12.1 are now End-of-Life (EOL) and are vulnerable.

Remediation

Customers must install the relevant updated version in order to be protected. No mitigations or workarounds are known at this time.

• NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
• NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
• NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
• NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
• NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
• NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL).

Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.

Additional Resources

• https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
• https://www.bleepingcomputer.com/news/security/new-critical-citrix-netscaler-flaw-exposes-sensitive-data/

NOTICE

As this is actively being investigated and new information is continuously coming out, this information is subject to change. Please reach out to our team for corrections and see if PacketWatch can help detect and respond to any potential incidents.