CVE-2023-4966:
Unauthenticated sensitive information disclosure in Citrix NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.5 High
- Published Date: Oct 10, 2023
- CISA KEV Date: Oct 18, 2023
- Industries Affected: 20
Threat Predictions
- EPSS Score: 94.3
- EPSS Percentile: 100%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 3.6
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
Overview
This CVE (CVE-2023-4966) describes an unauthenticated sensitive information disclosure in Citrix NetScaler ADC and NetScaler Gateway when the devices are configured as Gateway services (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as AAA virtual servers. The vulnerability is network-accessible, requires no privileges, and needs no user interaction. It yields high confidentiality and integrity impact but a low availability impact, reflected in a CVSS v3.1 base score of 9.4 (CRITICAL). The affected versions are various older patch levels across NetScaler ADC (14.1, 13.1, 13.0, 13.1-FIPS, 12.1-FIPS, 12.1-NDcPP) and NetScaler Gateway with corresponding patch level thresholds.
Remediation
- Apply the vendor-provided patch and upgrade to the fixed Release/Build that contains the CVE-2023-4966 fix (refer to Citrix CTX579459 for the exact patched versions).
- If patching immediately is not possible, implement mitigations to reduce exposure: restrict Gateway access to trusted networks or VPNs, implement strict access controls and IP allowlists, disable gateway features not in use, and enforce network-level protections (firewalls/WAF rules) around the gateway endpoints.
- After patching or applying mitigations, verify the fix by checking the device version against the patched release and, if possible, re-run relevant vulnerability scans and monitor for exploit indicators in logs. Consider rotating credentials and reviewing access logs for anomalous activity during the remediation window.
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.
- Armis Alert Date: *No Data*
- CISA KEV Date: Oct 18, 2023
- Days Early: 8 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.