Critical Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
13 October 2023
Updated 22 November 2023:
The critical vulnerability CVE-2023-4966 is reportedly being actively exploited. Users and administrators of affected products are advised to update to the latest versions immediately. Upon patching, users and administrators are also advised to run the following commands to kill all active and persistent sessions as malicious sessions can persist after patching:
kill aaa session -all
kill icaconnection -all
kill rdp connection -all
kill pcoipConnection -all
clear lb persistentSessions
More information is available at https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/.
***
Citrix has released security updates to address critical vulnerabilities (CVE-2023-4966 and CVE-2023-4967).
The critical vulnerabilities are:
CVE-2023-4966: Unauthenticated buffer-related vulnerability that could lead to sensitive information disclosure
CVE-2023-4967: Unauthenticated buffer-related vulnerability that could lead to denial of service
The following products are affected by the vulnerabilities:
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
NetScaler ADC 13.1-FIPS before 13.1-37.164
NetScaler ADC 12.1-FIPS before 12.1-55.300
NetScaler ADC 12.1-NDcPP before 12.1-55.300
NetScaler ADC and NetScaler Gateway version 12.1 has reached End of Life (EOL). Users and administrators of affected EOL products are advised to upgrade their appliances to a supported version to address the vulnerabilities.
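The affected-version list above, turned into a check an administrator can run against an inventory. This is an added example written for this page, not Citrix's or the advisory's own code; it assumes versions are written in the advisory's own `<train>-<build>.<sub>` notation (with the FIPS/NDcPP variant inserted as in `13.1-FIPS-37.164`), which is a constructed convention rather than the format printed by the appliance itself.

```python
import re

# Minimum fixed builds from the advisory, keyed by (release train, variant).
# Variant "" is the standard NetScaler ADC / NetScaler Gateway build.
FIXED_BUILDS = {
    ("14.1", ""): (8, 50),
    ("13.1", ""): (49, 15),
    ("13.0", ""): (92, 19),
    ("13.1", "FIPS"): (37, 164),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDcPP"): (55, 300),
}

# Standard 12.1 is End of Life per the advisory: no fixed build exists for it.
EOL_TRAINS = {"12.1"}

# Constructed notation: "13.1-49.15" or "13.1-FIPS-37.164" (train, optional variant, build.sub).
VERSION_RE = re.compile(r"^(\d+\.\d+)(?:-(FIPS|NDcPP))?-(\d+)\.(\d+)$")


def parse_version(ver: str):
    """Split a version string into (train, variant, build, sub) with numeric build parts."""
    m = VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {ver!r}")
    train, variant, build, sub = m.groups()
    return train, variant or "", int(build), int(sub)


def assess(ver: str) -> str:
    """Classify a version as 'patched', 'vulnerable', 'eol' or 'unknown' for CVE-2023-4966/4967.

    Builds are compared numerically as (build, sub) tuples, so 13.1-49.9 is
    correctly treated as older than 13.1-49.15 (a plain string compare would not).
    Trains the advisory does not list (e.g. a newer major release) return 'unknown'
    rather than guessing.
    """
    train, variant, build, sub = parse_version(ver)
    if (train, variant) in FIXED_BUILDS:
        return "patched" if (build, sub) >= FIXED_BUILDS[(train, variant)] else "vulnerable"
    if train in EOL_TRAINS:
        return "eol"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real appliance data.
    for v in ["13.1-49.13", "13.1-49.15", "14.1-4.42", "13.1-FIPS-37.150", "12.1-55.299"]:
        print(f"{v:>18}: {assess(v)}")
```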
Users and administrators of affected products are advised to update to the latest versions immediately.
More information is available here: