At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical).
After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this vulnerability were already obtained by threat actors and are currently being exploited in the wild.
CVE-2023-4966: Sensitive Data Exposure in Citrix Netscaler ADC
Threat actors can exploit this vulnerability to gain memory access to the affected devices. This memory also holds the session tokens, which allow the login bypass and all multi-factor authentications.
Moreover, once threat actors gain complete authentication over the device, they can perform various malicious actions.
Additional reports indicate that this vulnerability is being exploited by random people who are just owning anything to extract the session tokens. This report was extracted from GreyNoise Honeypots.
This security flaw is currently being exploited at a large scale, as per Kevin Beaumont’s observation. Previously, it was only utilized for targeted exploitation to gain access to a network and had not spread widely.
| CVE ID | Affected Products | Fixed in Version |
| CVE-2023-4966 | NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 | NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases |
| NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15 | NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1 | |
| NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19 | NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0 | |
| NetScaler ADC 13.1-FIPS before 13.1-37.164 | NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS | |
| NetScaler ADC 12.1-FIPS before 12.1-55.300 | NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS | |
| NetScaler ADC 12.1-NDcPP before 12.1-55.300 | NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP |
It is recommended for organizations to upgrade to the latest versions of Citrix Netscaler ADC to prevent this vulnerability from getting exploited.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.
