Citrix Security Recommendations – 22 November 2023

Citrix has released security recommendations for a critical vulnerability that affects customer-managed NetScaler ADC and NetScaler Gateway.

With reference to report 253/2023 “Citrix Security Updates – 11 October 2023”, security researchers have revealed that CVE-2023-4966 has been under active exploitation. Citrix encourages administrators, after upgrading, to remove any active or persistent sessions.

Citrix NetScaler ADC and NetScaler Gateway Information Disclosure (CVE-2023-4966):

  • CVSS: 9.4
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Obtain Information

Note that Citrix has released investigation steps for verifying that your environment has no compromised NetScaler sessions.

Vulnerabilities

CVE-2023-4966

Mitigations

For more information about Citrix recommendations and investigation steps:

NetScaler Investigation Recommendations for CVE-2023-4966

References