Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 8, 2023

High
CISA KEVRansomware

CVE-2023-4966

CitrixNetScaler ADC and NetScaler Gateway

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Required Action

https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Known
Published
Oct 18, 2023
KEV Added
Oct 18, 2023
Due Date
Nov 8, 2023
Related Articles
0

Vendor

Citrix

NetScaler ADC and NetScaler Gateway