Menu
Want relief keeping up with product patching, upgrades, and more? Learn how our Managed Services for law firms can help you.
Oct 11, 2023
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway has been discovered as an exploitable target of malicious attack.
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
Affected versions:
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL) and is vulnerable.
This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway products. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take any action.
| CVE ID | Description | Pre-requisites | CWE | CVSS |
|---|---|---|---|---|
| CVE-2023-4966 | Sensitive information disclosure | Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | CWE-119 | 9.4 |
| CVE-2023-4967 | Denial of service | Appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | CWE-119 | 8.2 |
Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions of NetScaler ADC and NetScaler Gateway as soon as possible.
Note: NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL). Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.