CVE-2023-4966 — Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
2023-10-18 • CISA Known Exploited Vulnerability
[event] Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Citrix |
| Product | NetScaler ADC and NetScaler Gateway |
| CWE | CWE-119 |
| CVE ID | CVE-2023-4966 |
| Date Added | 2023-10-18 |
| Due Date | 2023-11-08 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
Due Date: 2023-11-08