CVE-2023-4966 Unauthenticated sensitive information disclosure

2023-10-1013:12:17

CWE-119

Citrix

www.cve.org

cve-2023-4966

sensitive information disclosure

netscaler adc

netscaler gateway

unauthenticated

gateway

vpn virtual server

ica proxy

cvpn

rdp proxy

aaa virtual server

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

9.3 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetScaler ADC ",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": "8.50",
        "status": "affected",
        "version": "14.1",
        "versionType": "patch"
      },
      {
        "lessThan": "49.15",
        "status": "affected",
        "version": "13.1",
        "versionType": "patch"
      },
      {
        "lessThan": "92.19",
        "status": "affected",
        "version": "13.0",
        "versionType": "patch"
      },
      {
        "lessThan": "37.164",
        "status": "affected",
        "version": "13.1-FIPS",
        "versionType": "patch"
      },
      {
        "lessThan": "55.300",
        "status": "affected",
        "version": "12.1-FIPS",
        "versionType": "patch"
      },
      {
        "lessThan": "55.300",
        "status": "affected",
        "version": "12.1-NDcPP",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NetScaler Gateway",
    "vendor": "Citrix",
    "versions": [
      {
        "lessThan": "8.50",
        "status": "affected",
        "version": "14.1",
        "versionType": "patch"
      },
      {
        "lessThan": "49.15",
        "status": "affected",
        "version": "13.1",
        "versionType": "patch"
      },
      {
        "lessThan": "92.19",
        "status": "affected",
        "version": "13.0",
        "versionType": "patch"
      }
    ]
  }
]