PT-2023-5875 · Comcast+1 · Comcast Xfinity+2

Published: 2023-10-10 · Updated: 2026-05-23 · CVE-2023-4966

CVSS v3.1: 9.7 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Citrix NetScaler ADC and NetScaler Gateway versions prior to the fix released on October 10, 2023

Description

Citrix NetScaler ADC and NetScaler Gateway are affected by a critical information disclosure vulnerability (CVE-2023-4966). This vulnerability is a buffer overflow that allows unauthenticated attackers to leak sensitive information, including session tokens, from systems configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. Exploitation of this vulnerability has been observed since late August 2023, and multiple threat actors, including ransomware groups like LockBit, have actively exploited it. The vulnerability allows attackers to hijack existing authenticated sessions, potentially bypassing multi-factor authentication. The vulnerability is actively being exploited and a proof-of-concept exploit is publicly available. Numerous organizations have been impacted, including government, legal, and technology sectors. The estimated number of potentially affected devices is in the thousands.

Recommendations

Apply the security updates released by Citrix on or after October 10, 2023.
Invalidate all active and persistent sessions after applying the patch.
Restrict access to vulnerable modules or features if possible.
Monitor network traffic for suspicious activity related to the vulnerability.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-06568
CVE-2023-4966

Affected Products

Citrix NetScaler ADC
Citrix NetScaler Gateway
Comcast Xfinity