Citrix Releases Critical Security Updates for NetScaler ADC and NetScaler Gateway
Citrix has released critical security updates addressing one Critical and one High severity vulnerability in NetScaler ADC and NetScaler Gateway
Affected platforms
The following platforms are known to be affected:
Threat details
End-of-life (EoL) products still vulnerable
Citrix has advised that NetScaler Gateway and NetScaler ADC version 12.1 are end-of-life but remain affected by these vulnerabilities. No updates will be issued for them, and organisations still running EoL versions should upgrade to the latest release of a supported version as soon as possible.
Introduction
Citrix has released a security bulletin for one Critical and one High severity vulnerability, tracked as CVE-2023-4966 and CVE-2023-4967.
- CVE-2023-4966 has a CVSSv3 score of 9.4 and is a sensitive information disclosure vulnerability.
- CVE-2023-4967 has a CVSSv3 score of 8.2 and is a denial-of-service (DoS) vulnerability.
Note - Only appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server are affected by the above.
A remote, unauthenticated attacker could exploit CVE-2023-4966 to hijack existing authenticated sessions, bypassing multi-factor authentication (MFA) or other strong authentication requirements.
Active exploitation of CVE-2023-4966
Citrix and Mandiant have confirmed evidence of active exploitation of CVE-2023-4966. Following public disclosure of a proof of concept, a considerable increase in exploitation attempts in the wild has been observed.
Threat updates
| Date | Update |
|---|---|
| 26 Oct 2023 | Elevated to High Severity Alert: Cyber Alert elevated to High Severity following public release of a proof of concept and subsequent increases in exploitation in the wild. |
| 19 Oct 2023 | Exploitation of CVE-2023-4966: this cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are required to review Citrix Security Bulletin CTX579459 and apply the relevant updates as soon as possible.
Organisations are also required to review the additional recommendations in the Cloud Software Group (NetScaler) blog post covering CVE-2023-4966, which describe how to kill active and persistent sessions.
Note - Even if patches have already been applied, organisations should still follow the steps to kill active and persistent sessions, because sessions hijacked before patching remain valid until they are terminated.
Remediation steps
| Type | Step |
|---|---|
| Patch | Apply the relevant security updates to affected instances of NetScaler Gateway and NetScaler ADC, or upgrade to a supported version. See https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 |
| Action | Kill all active and persistent sessions on affected devices using the following NetScaler CLI commands: `kill icaconnection -all`; `kill rdp connection -all`; `kill pcoipConnection -all`; `kill aaa session -all`; `clear lb persistentSessions`. See https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/ |
Last edited: 26 October 2023 2:48 pm