Lucene search
HistoryOct 10, 2023 - 2:15 p.m.
CVE-2023-4966
cve-2023-4966
sensitive information disclosure
netscaler adc
netscaler gateway
vpn
ica proxy
cvpn
rdp proxy
aaa virtual server
9.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.6 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
Affected configurations
Node
citrixnetscaler_application_delivery_controllerRange12.1–12.1-55.300fips
ORcitrixnetscaler_application_delivery_controllerRange12.1–12.1-55.300ndcpp
ORcitrixnetscaler_application_delivery_controllerRange13.0–13.0-92.19-
ORcitrixnetscaler_application_delivery_controllerRange13.1–13.1-37.164fips
ORcitrixnetscaler_application_delivery_controllerRange13.1–13.1-49.15-
ORcitrixnetscaler_application_delivery_controllerRange14.1–14.1-8.50-
ORcitrixnetscaler_gatewayRange13.0–13.0-92.19
ORcitrixnetscaler_gatewayRange13.1–13.1-49.15
ORcitrixnetscaler_gatewayRange14.1–14.1-8.50
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "NetScaler ADC ",
"vendor": "Citrix",
"versions": [
{
"lessThan": "8.50",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "49.15",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.19",
"status": "affected",
"version": "13.0",
"versionType": "patch"
},
{
"lessThan": "37.164",
"status": "affected",
"version": "13.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.300",
"status": "affected",
"version": "12.1-FIPS",
"versionType": "patch"
},
{
"lessThan": "55.300",
"status": "affected",
"version": "12.1-NDcPP",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NetScaler Gateway",
"vendor": "Citrix",
"versions": [
{
"lessThan": "8.50",
"status": "affected",
"version": "14.1",
"versionType": "patch"
},
{
"lessThan": "49.15",
"status": "affected",
"version": "13.1",
"versionType": "patch"
},
{
"lessThan": "92.19",
"status": "affected",
"version": "13.0",
"versionType": "patch"
}
]
}
]References
Social References
More
Related
hackerone
hackerone
U.S. Dept Of Defense: Out-Of-Bounds Memory Read on ███
2024-05-16 19:04:15
cvelist
cvelist
CVE-2023-4966 Unauthenticated sensitive information disclosure
2023-10-10 13:12:17
malwarebytes
malwarebytes
Citrix Bleed widely exploited, warn government agencies
2023-11-24 19:20:11
Ransomware review: December 2023
2023-12-13 19:22:12
githubexploit
githubexploit
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler Application Delivery Controller
2023-10-25 07:17:54
hackread
hackread
Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability
2023-11-01 22:14:45
thn
thn
Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities
2023-10-25 04:47:00
attackerkb
attackerkb
CVE-2023-4966
2023-10-10 00:00:00
nvd
nvd
CVE-2023-4966
2023-10-10 14:15:10
metasploit
metasploit
Citrix ADC (NetScaler) Bleed Scanner
2023-10-26 13:15:03
hivepro
hivepro
A Longstanding Zero-Day in Citrix Devices Exploited Since August
2023-10-20 12:47:00
cisa_kev
cisa_kev
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
2023-10-18 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-11-03 19:10:16
prion
prion
Information disclosure
2023-10-10 14:15:00
talosblog
talosblog
nuclei
nuclei
Citrix Bleed - Leaking Session Tokens
2023-10-24 10:58:04
citrix
citrix
nessus
nessus
NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX579459)
2023-10-13 00:00:00
ics
ics
avleonov
avleonov
9.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
8.6 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%
Related for CVE-2023-4966