CVE-2023-4966

CRITICAL9.4Memory safety

CISA KEVRansomwarePublic PoCTrendingHigh EPSS

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Affected products

Citrix / NetScaler ADC14.1 – 8.50
Citrix / NetScaler ADC13.1 – 49.15
Citrix / NetScaler ADC13.0 – 92.19
Citrix / NetScaler ADC13.1-FIPS – 37.164
Citrix / NetScaler ADC12.1-FIPS – 55.300
Citrix / NetScaler ADC12.1-NDcPP – 55.300
Citrix / NetScaler Gateway14.1 – 8.50
Citrix / NetScaler Gateway13.1 – 49.15
Citrix / NetScaler Gateway13.0 – 92.19

Exploits & proofs of concept

nucleiCitrix Bleed - Leaking Session Tokensby DhiyaneshDK

References

MISChttps://support.citrix.com/article/CTX579459
EXPLOIThttp://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html